Security Awareness: Phishing/Spear Phishing


If you suspect you have received SPAM or PHISHING email - please forward the suspect email to SPAM@DSU.EDU

Phishing is an attempt to obtain sensitive information such as usernames, passwords, and credit card or social security numbers. The attackers do so by disguising themselves as trustworthy entities. Phishing is typically carried out by email spoofing or instant messaging. It often directs users to enter personal information into a fake/malicious website that looks and feels legitimate.

How to Spot Phishing Attacks and Protect Yourself:

1: Misleading Email Addresses and Domain Names

Always double check the email address of the sender. If you receive a message is from Twitter Support, but their email address is, it is probably a phishing attempt. Attacks will often use complicated domain names to trick users into thinking the email address or the malicious site they link to is valid.

2: Mismatched URLs

One of the first things to check in a suspicious message is the embedded URLs. Oftentimes the URL will appear to be valid. However, if you hover your mouse over top of the URL, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably a phishing attempt.

It is also important to check links from trusted email addresses. An attacker could compromise someone’s account and a send message on their behalf. Even if you know the person, hover over all links before you click them. If something looks off, call the person you know or delete the message.

3: Poor Grammar

Phishing often looks, well, fishy. Typos can be a sign that an email is dodgy as are all-capitals in the email's subject and a few too many exclamation marks.

4: Request for Personal Information

It is always a bad sign if someone is asking for your personal information. Reputable companies should never send a message asking for your password, credit card number, or the answers to your security questions. This is especially true if you did not initiate the conversation.

5: Unrealistic Threats

Take a moment to slow down and breathe before acting. Usually, threats and urgency are a sign of phishing: if you're being asked to do something to prevent your account being shut down, or within a tight deadline, its cause for caution.

6: Something Doesn’t Look Right

When in doubt, forward any suspicious or blatantly malicious emails to You can also call the Support Desk with any questions.


How to Spot Spear Phishing Attacks:

The Difference? - Targeted at You

Spear Phishing is the same as normal Phishing, but more targeted. With Spear Phishing, the attackers will make their message very personalized to you, and look like it is coming from someone above you in the University (e.g. your boss, Dr. Griffiths, Dr. McKay, etc.). They often learn who works for a specific department and only target those users, instead of sending to everyone at DSU.

Below are some tips for spotting Spear Phishing:

  1. Check the Email Address - Make sure the message is actually coming from an email, even if you recognize the sender's name.
  2. Odd Story or Request - Look at what is being requested in the message and ask yourself "Is this normal?" Would the President really ask you to go shopping for a birthday gift because she's in a meeting on a Saturday, at 7:00P PM? 
  3. Slow Down - Attackers are hoping you see a message from someone important and instinctively respond. Always double-check the details before responding.
  4. Asking for Gift Cards - This is a Red Flag. Attackers love when you purchase gift cards for them because it is a legitimate transaction that your bank or credit card company cannot reverse. Immediately report and delete any requests for gift cards.
  5. Look at Some Examples - We've included some examples from the past in the sidebar.

Print Article


Article ID: 43326
Thu 11/30/17 8:12 AM
Mon 11/13/23 3:08 PM