Q: What is a phishing email?
Answer
Almost everyone has received an email with a subject line or message such as "Your account has been suspended" or "We need to verify your password." These subject lines, coupled with a spoofed (i.e., simulated) return address of Administrator@mit.edu, Admin@ebay.com, or AccountsDept@(your bank).com, can confuse the untrained "fish." Further, the messages themselves often contain logos and trademarks that add to the deception.
When trying to determine whether an email is authentic, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.
Examples of "Phishy" Emails
Emails coming from such spoofed addresses as "network@mit.edu," "support@mit.edu," or "webmail@mit.edu" are asking MIT community members to confirm their email accounts by supplying their username and password.
THESE MESSAGES ARE NOT COMING FROM MIT! They appear to be coming from an MIT email address but are in fact coming from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords.
DO NOT REPLY TO THESE MESSAGES! Just delete them.
To see examples of some of the email messages that are attempting to steal your passwords or other personal information, click here.
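The check described above can also be done mechanically from a message's headers. The following Python sketch is an added example, not part of the original page or any MIT tooling: the sample message, the domain mail-verify.example, and the phrase list are constructed for illustration. A mismatch between the From domain and the Reply-To or Return-Path domain is an indicator to weigh, not proof on its own.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims mit.edu, but replies and bounces go elsewhere.
SPOOFED = """\
From: MIT Webmail <webmail@mit.edu>
Reply-To: helpdesk@mail-verify.example
Return-Path: <bounce@mail-verify.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-verify.example; dmarc=fail header.from=mit.edu
Subject: Your account has been suspended

Please confirm your email account by replying with your username and password.
"""

# Assumption: illustrative phrases taken from the wording on this page, not a complete list.
CREDENTIAL_PHRASES = (
    "verify your password", "confirm your email account",
    "username and password", "account has been suspended",
)

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def phishing_indicators(raw_message):
    """Return a list of reasons the message looks like credential phishing."""
    msg = message_from_string(raw_message)
    reasons, from_dom = [], domain_of(msg["From"])
    # The From header is unauthenticated text; compare it with where replies and bounces go.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            reasons.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving mail server, not the sender.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            reasons.append(f"{check} failed")
    payload = msg.get_payload()
    body = payload.lower() if isinstance(payload, str) else ""
    text = (msg["Subject"] or "").lower() + " " + body
    for phrase in CREDENTIAL_PHRASES:
        if phrase in text:
            reasons.append(f"asks for credentials: '{phrase}'")
    return reasons

if __name__ == "__main__":
    for reason in phishing_indicators(SPOOFED):
        print(reason)
```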
To Learn More
There are several ways to hone your skills for recognizing phishing emails. Here are some quizzes other companies and schools have provided for user education: