How Can I Tell if an Email is a Phish


This phishing simulation was authorized by the VPUO.


How Can I Tell if an Email is a Phish?


laptop computer with a magnifying glassIn this phishing simulation your password was not captured.The University will not ask for passwords or other sensitive data via email or by linking directly to a web form.

Online criminals have many techniques at their disposal to fool not only you, but to overcome traditional online security procedures. When you recieve a phishing attack it is up to you to identify them as potential threats.

To tell if an email is a spear phishing attempt, be aware of emails and messages that:

  1. Ask you to click on a link or open an attachment.
    Hover over any links to see if they are authentic.
  2. Request sensitive data.
    As mentioned, the University does not. The CRA will not. Your bank will not.
  3. Create a sense of urgency.
    If you receive such an email, find other ways to verify if the content is true.

In many instances, a phishing email will direct you to an imitation website that appears legitimate, but attempts to steal your password or other sensitive data.

If an e-mail ever asks you to deal with an urgent opportunity or problem on a site you use regularly, don't click on it. If you're worried you can always open a new browser window and navigate to the site using a trustworhy method you're familiar with.

Learn More

It has been estimated that 91% of all cyber attacks start with a spear phishing email. Help protect our organization by learning how to spot, and how to report, spear phishing emails.