How can I tell if an e-mail I received is legitimate or part of a phishing scam?

Phishing is a technique that hackers use in an effort to steal sensitive information like passwords and credit card numbers. E-mails that are sent out as part of a phishing operation often look genuine and appear to be from legitimate sources (e.g. your bank, an online store, your employer’s Help Desk), and this can make it difficult to decipher a real e-mail from a fake one. Here are a few tips that will help you spot the fakes.

1. Examine who the message came from

The first thing to look for is the name and e-mail address that the message came from. If you don’t recognize the person’s name or e-mail domain (i.e., the part of the e-mail address that appears AFTER the @ symbol), it’s probably a good idea to just delete the message.

Examine From Line of Email

2. Examine the spelling, grammar, and punctuation

Hackers are notorious for their poor spelling, grammar, and punctuation, so this is another huge red flag. How many punctuation mistakes can you spot in the example below? A message from a trustworthy source probably wouldn’t contain these types of mistakes.

 Examine spelling and grammar

3. Examine the hyperlinks

Whatever you do, never click on the hyperlinks found within an e-mail message unless you are absolutely certain the message is from a trustworthy source! Many phishing e-mails contain links to malicious websites which, if clicked on, may cause harm to your computer or may try to lure you into sharing sensitive information (e.g. passwords, credit card numbers).

That said, however, it’s perfectly safe to hover your mouse over the hyperlink so you can examine the web address. Without clicking on the link, simply place your mouse over the link and examine the address. In the example below, the mouse was placed over the word “Here” thus displaying this rather cryptic URL – https://c2gfs821.caspio.com.

Examine hyperlinks 

In contrast to the cryptic URL shown above, take a look at the web address shown below (which is from a legitimate e-mail sent by the IT Help Desk). The URL is http://libanswers.buffalostate.edu which is a valid Buffalo State website.

Examine hyperlinks

4. When in doubt, delete!

The bottom line is that, if there is any doubt about the authenticity of an e-mail, just delete it! If you weren’t expecting the message and don’t recognize the sender’s name and address, chances are it’s probably a fake. If you have any questions or concerns, please call the IT Help Desk at (716) 878-4357 or open a Report Suspicious Email ticket.