Access Keys:
Skip to content (Access Key - 0)

Q: What is a phishing email?

Answer

Almost everyone has gotten an email message disguised with the subject or message, "Your account has been suspended." or "We need to verify your password." These subject lines coupled with a spoofed (simulated) return address of e.g., Administrator@mit.edu, Admin@ebay.com, or AccountsDept@(your bank).com can confuse the untrained "fish." Further, the messages themselves often contain logos, and trademarks that add to the deception.

When trying to determine if email is authentic or not, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.

Things to look for to verify if the email is a phishing email:

  • Spelling errors and bad grammar
  • Odd formatting (e.g., incorrect use of capital letters or punctuation)
  • No real person's name included either in the greeting or the signature
  • A return or reply-to email address that is spoofed. You can view "full headers" to see what is listed as the actual return address.
  • If a password is being requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., requesting your sex and country or territory is not a legitimate customer service request)
  • No mention of a phone number to call or person to contact
  • Deleting an account due to lack of response: a legitimate business doesn't follow that kind of practice
  • Includes a hyperlink that has an odd looking URL (for instance with a foreign country as the domain, or trying to match a legitimate web address but spelled differently)

Examples of "phishy" MIT emails

Emails coming from such spoofed addresses as "support@mit.edu," or "webmail@mit.edu" are asking MIT community members to confirm their email accounts by supplying their username and password.

These messages are not coming from MIT
Although these messages may appear to be coming from MIT, they are in fact from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords. These messages are an attempt to steal your username and password for illegitimate purposes. DO NOT REPLY TO THESE MESSAGES! Just delete them.

To see examples of some of the email messages that are attempting to steal your passwords or other personal information see:

Other phishing examples

These examples show that the "reply-to" address in the email does not match the name or organization that appears in the "from" field or it is different from what you would expect. For example, an email from the IRS would come from an address that contains irs.gov, the official IRS online address. In the second example, the "from" field shows a different name from the one listed in the return address. This information can also be verified by looking at the email's full headers.

Click on thumbnails to see the full image:

If you've fallen for a Phishing scam

Change your email password immediately. Hackers have been known to hijack an email account within 30 minutes of receiving a username and password, and using that account to send out thousands of spam messages.

To learn more

There are several ways to hone your skills for recognizing phishing emails. Here are some quizzes that other companies and schools have provided for user education:

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

April 30, 2013

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-email-security c-email-security Delete
spam spam Delete
phishing phishing Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki