1. Examine who the message came from
The first thing to look for is the name and e-mail address that the message came from. If you don’t recognize the person’s name or e-mail domain (i.e., the part of the e-mail address that appears AFTER the @ symbol), it’s probably a good idea to just delete the message.
2. Examine the spelling, grammar, and punctuation
Hackers are notorious for their poor spelling, grammar, and punctuation, so this is another huge red flag. How many punctuation mistakes can you spot in the example below? A message from a trustworthy source probably wouldn’t contain these types of mistakes.
3. Examine the hyperlinks
Whatever you do, never click on the hyperlinks found within an e-mail message unless you are absolutely certain the message is from a trustworthy source! Many phishing e-mails contain links to malicious websites which, if clicked on, may cause harm to your computer or may try to lure you into sharing sensitive information (e.g. passwords, credit card numbers).
That said, however, it’s perfectly safe to hover your mouse over the hyperlink so you can examine the web address. Without clicking on the link, simply place your mouse over the link and examine the address. In the example below, the mouse was placed over the word “Here” thus displaying this rather cryptic URL – https://c2gfs821.caspio.com.
In contrast to the cryptic URL shown above, take a look at the web address shown below (which is from a legitimate e-mail sent by the IT Help Desk). The URL is http://libanswers.buffalostate.edu which is a valid Buffalo State website.
4. When in doubt, delete!
The bottom line is that, if there is any doubt about the authenticity of an e-mail, just delete it! If you weren’t expecting the message and don’t recognize the sender’s name and address, chances are it’s probably a fake. If you have any questions or concerns, please call the IT Help Desk at (716) 878-4357 or open a Report Suspicious Email ticket.