Access Keys:
Skip to content (Access Key - 0)
Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History

Q: What is a phishing email?

On this page:

Answer

Almost everyone has gotten an email message disguised with the subject or message, "Your account has been suspended." or "We need to verify your password." These subject lines coupled with a spoofed (simulated) return address of e.g., Administrator@mit.edu, Admin@ebay.com, or AccountsDept@(your bank).com can confuse the untrained "fish." Further, the messages themselves often contain logos, and trademarks that add to the deception.

When trying to determine if email is authentic or not, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.

Things to look for to verify if the email is a phishing email:

  • Spelling errors and bad grammar
  • Odd formatting (e.g., incorrect use of capital letters or punctuation)
  • No real person's name included either in the greeting or the signature
  • A return or reply-to email address that is spoofed. You can view "full headers" to see what is listed as the actual return address.
  • If a password is being requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., requesting your sex and country or territory is not a legitimate customer service request)
  • No mention of a phone number to call or person to contact
  • Deleting an account due to lack of response: a legitimate business doesn't follow that kind of practice
  • Includes a hyperlink that has an odd looking URL (for instance with a foreign country as the domain, or trying to match a legitimate web address but spelled differently)

Examples of "phishy" MIT emails

Emails coming from such spoofed addresses as "support@mit.edu," or "webmail@mit.edu" are asking MIT community members to confirm their email accounts by supplying their username and password.

These messages are not coming from MIT
Although these messages may appear to be coming from MIT, they are in fact from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords. These messages are an attempt to steal your username and password for illegitimate purposes. DO NOT REPLY TO THESE MESSAGES! Just delete them.

To see examples of some of the email messages that are attempting to steal your passwords or other personal information see:

  • [Examples of phishing emails that appear to come from MIT].

Other phishing examples

These examples show that the "reply-to" address in the email does not match the name or organization that appears in the "from" field or it is different from what you would expect. For example, an email from the IRS would come from an address that contains irs.gov, the official IRS online address. In the second example, the "from" field shows a different name from the one listed in the return address. This information can also be verified by looking at the email's full headers.

Click on thumbnails to see the full image:

If you've fallen for a Phishing scam

Change your email password immediately. Hackers have been known to hijack an email account within 30 minutes of receiving a username and password, and using that account to send out thousands of spam messages.

To learn more

There are several ways to hone your skills for recognizing phishing emails. Here are some quizzes that other companies and schools have provided for user education:

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Last Modified:

page-info: unable to locate page


Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki