Access Keys:
Skip to content (Access Key - 0)

Q: What is a phishing email?

On this page:


Almost everyone has gotten an email message disguised with the subject or message, "Your account has been suspended." or "We need to verify your password." These subject lines coupled with a spoofed (simulated) return address of e.g.,,, or AccountsDept@(your bank).com can confuse the untrained "fish." Further, the messages themselves often contain logos, and trademarks that add to the deception.

When trying to determine if email is authentic or not, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.

Things to look for to verify if the email is a phishing email:

  • Spelling errors and bad grammar
  • Odd formatting (e.g., incorrect use of capital letters or punctuation)
  • No real person's name included either in the greeting or the signature
  • A return or reply-to email address that is spoofed. You can view "full headers" to see what is listed as the actual return address.
  • If a password is requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., requesting your sex and country or territory is not a legitimate customer service request)
  • No mention of a phone number to call or person to contact
  • Deleting an account due to lack of response: a legitimate business doesn't follow that kind of practice
  • Includes a hyperlink that has an odd looking URL (for instance with a foreign country as the domain, or trying to match a legitimate web address but spelled differently)

Examples of "phishy" MIT Emails

Emails coming from such spoofed addresses as "," or "" are asking MIT community members to confirm their email accounts by supplying their username and password.

These messages are not coming from MIT
Although these messages may appear to be coming from MIT, they are in fact from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords. These messages are an attempt to steal your username and password, or to install malware on your computer. Don't open attachments you aren't expecting, or click on any links in a "phishy" message - Report phishing messages to the IS&T Security Team

To see examples of some of the email messages that are attempting to steal your passwords or other personal information see:

  • [istdraft:Examples of phishing emails that appear to come from MIT].

Other phishing examples

These examples show that the "reply-to" address in the email does not match the name or organization that appears in the "from" field or it is different from what you would expect. For example, an email from the IRS would come from an address that contains, the official IRS online address. In the second example, the "from" field shows a different name from the one listed in the return address. This information can also be verified by looking at the email's full headers.

sample phishing email 1

sample phishing email 2

sample phishing email 3

If you've fallen for a Phishing scam, follow these steps

Change your email password immediately. Hackers have been known to hijack an email account within 30 minutes of receiving a username and password and using that account to send out thousands of spam messages.

See also

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

April 06, 2022

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
c-email-security c-email-security Delete
spam spam Delete
phishing phishing Delete
john john Delete
larkin larkin Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki