How To Recognise Fake Emails

Every email user is likely to receive fake or spoof emails (also known as "phishing") apparently from a reputable organisation such as a bank, or even from IT Services, asking for personal details, passwords, credit card numbers etc. Here are some tell-tale signs to look out for that give away fake messges:

  • A generic greeting. Many fake emails begin open with a general greeting, e.g. "Dear Bank Customer" or "Dear Email user" - this may sometimes be formatted oddly, e.g. with strange capitalization e.g. "Dear it services User".
  • A forged sender's address. Fake emails may include a forged email address in the "From:" field.
  • A threat that something bad will happen if you don't act immediately e.g. claiming that your account may have been hacked and you need to respond immediately to stop it being closed down.
  • Fake weblinks.Always check where a link is going before you click on it. Move your mouse over the link and look at its underlying URL in your browser or email status bar. Any link address visible in the message text should match the real URL it actually goes to. If not, it's probably a spoof website that may try and collect personal details from you or install a virus or spyware on your computer.
  • Login links in an email. Never login to a University or any other system by clicking on an email link. Legitimate emails from IT Services or other organisations may sometimes mention the web addresses of login pages for information purposes but for safety you should always retype such addresses in your browser's address line.
  • Emails that look like web pages Some emails can be made to look like a web page that is asking you to enter information.
  • Deceptive URLs. Only ever enter an IT Services password on pages the initial part of whose whose address ends in Avoid any web address containing an @ sign. Also beware plausible looking but false addresses e.g.
  • Poor spelling and grammar. Spoof emails often contain misspellings, incorrect grammar, odd phrasing etc. Bad or strange spelling e.g. "pass.wrd" or "passw0rd" is sometimes done deliberately to try and bypass spam filters.
  • Insecure connections. Any web page where you enter personal information should have an address that begins "https://" The "s" stands for secure -- if it's not there then you're not in a secure web session, and you should not enter personal data.
  • Attachments. As with fake links, attachments are frequently used in fake emails to hide a virus or spyware. Such attachments often arrive with an accompanying (and often cryptic or intriguing) message encouraging you to open them, e.g. "Hi - here's the schedule I promised". Never click on an attachment unless it's something you were expecting, even if it appears to come from someone you know or deal with.

If you do receive fake emails, just ignore and delete them. There's generally no need to inform IT Services about them as they arrive daily by the thousand! However, if you're a Nexus user, do make sure that you're using the junk mail settings available in that system. These can substantially reduce the amount of junk mail that gets through to you, including fake emails.


Service area: 

Written by IT Services. Latest revision 24 April 2015