Skip to page content

Email Phishing

Phishing emails may appear legitimate, but they are usually identifiable by certain characteristics. If you experience a phishing attempt, please report it to Help Desk.

Screenshot of email header with email address information

The From or Reply To email address is a different domain or slightly different spelling than the official email address.

Did the Email Actually Come from Someone That You Trust?

Where did the email originate? Although the from in the following example appears valid, if you look closely, you'll see that the mailto: is a Gmail account instead. If they don't match, this is definitely a phishing attempt.

Official email from A&M System components will usually not originate from Gmail accounts. Don't be fooled by similar spellings, either (i.e.

Is This Really the Site That You Wanted?

Screenshot of the email message shows the visible address is different from the actual address on mouse hover

Where will the links take you when you click on them? When you hover your mouse cursor over links in an email, you should look to see whether the displayed link actually matches the text of the link in what you see when you are not hovering over it.

In this case, when you hover over the link address in the email message, you will see a very different link that would take you to an unsecure site. This is a good indication that the email you are viewing is a phishing attempt.

Avoid the Bait of a Phishing Scam

Online con-games are designed to prey on unsuspecting recipients with attention- getting emails that appear to come from legitimate institutions.

Examples include:

  • Financial institutions such as banks, savings and loans, or mortgage accounts
  • A shipping or packaging company that has the words 'Delivery Failure' in the subject line
  • A fake email from an FBI Director, CIO or other high-ranking individual
  • A message from "your" help desk or email service asking for account information, passwords or other personal information

The messages may ask you to 'update,' 'validate,' or 'confirm' account or email address information, or will include links that direct you to a site that looks like the actual Web site.

The purpose is to trick you into divulging personal information or to download malicious code that can record all keystrokes including passwords or copy contact list information to scam friends and family or commit other crimes in the your name.

More Information

File a Complaint

Tarleton Rule: Electronic Information Resource Complaints