How to Spot a Phish

Monday 10/23/2023

Phishes are a major cyber security concern. Phishing involves fraudulent attempts to obtain sensitive information, such as login credentials, credit card numbers, or personal data. Online scams are becoming more sophisticated and believable, leaving more people susceptible to these cyber attacks. Here are some tips on how to spot phishes! 

  • Check the senders email address 

If you receive an email from an unrecognized address, there’s a likelihood that it’s a phishing email, especially if the email is urging you to click on a link or provide sensitive information. Check the sender’s email closely, as phishers will often use emails that resemble the legitimate one they are trying to pose as, but add in a symbol, an extra character, or misspell the name slightly. 

  • Be wary of urgent demands in emails  

Phishers often send emails that make you feel like you need to take action immediately due to an error, claiming your account is in danger, or urging you to claim a prize you won. If you know you didn’t enter into a giveaway prize, but you get an email saying you won something and need to provide information in order to claim it, it’s almost guaranteed to be a phish. When receiving these emails, take a moment to consider the situation. Legitimate organizations do not send emails to their customers with urgent demands to provide sensitive information.  

  • Check for misspelling or grammar mistakes 

Phishing emails often contain grammatical or spelling errors, making it an easy giveaway. Reputable organizations often have templates for emails being sent out and always maintain professional conversation, making it unlikely to have any errors in their emails.  

  • Avoid clicking on any suspicious links  

Links being sent out by phishers often contain viruses that will enable hackers to access the data stored on your device. Even if the link doesn’t contain a virus, it often still redirects you to a page where you will be required to put in your personal information that can later be used against you.  

  • Verify the identity of the sender 

If you think you are getting an email from a reputable company such as your school, bank, or a government agency, but aren’t sure and suspect it may be a phish, it’s never a bad idea to contact the organization directly and find out if they sent out the email you received. Doing this can protect you from accidentally falling for a phishing email that can lead to further consequences. You can always look up a student, faculty or staff member in the FSU directory to find their FSU official email. 

These are just a few ways to watch out for phishes and tips to keep your private information safe. To learn more visit https://its.fsu.edu/services/computer-protection-threat-response for computer protection and threat response, and the ITS Phish Tank for information about how to report and identify common phishes. If you do believe you are the victim of a phishing attempt, be sure to forward and report the email or text to abuse@fsu.edu so others can be aware.