Quick Tips to Protect Yourself and the University
- Know the sender! Always double-check the sender's email address and do not solely rely on the display name. Scammers often design messages to appear as though they are from somebody you know, such as a supervisor or department chair.
- Think before you click! Carefully examine hyperlinks or URLs in emails and do not open attachments from unknown senders.
- Protect your password! Never email your password, submit it on a form, enter it on an unfamiliar website, or share it with anyone else.
- Trust your instincts! If something feels off or suspicious about an email, it is better to err on the side of caution.
Ways to Recognize a Phishing Message
Many phishing email messages are poorly constructed, making them obviously suspect, but others may appear on the surface to be from a legitimate Puget Sound email address or external service (e.g. Microsoft, Google, Dropbox, Wells Fargo). You should always avoid clicking on links or opening attachments in email messages from unknown or suspicious sources. Be especially careful when checking email on a mobile device as many telltale signs are difficult to detect.
Common signs an email may be phishing:
- Sense of urgency (e.g. threatening to shut off a service)
- Asks you to click a link for verification or upgrade
- Links to a shared document, invoice, or receipt you are not expecting
- Contains a financial or job offer that is too good to be true
- Display name impersonates a campus member but the email address is not *@pugetsound.edu or the message is tagged in Gmail as "External"
- Impersonates third party applications not used by the university
- Hyperlinked text or buttons lead to an unfamiliar website (hover over linked text to show URL path)
- Demands payment via cryptocurrency (e.g. Bitcoin) or gift cards
- Has a red banner in Google Mail stating "This message seems dangerous"
- Has a yellow banner in Google Mail stating "Be careful with this message"
- Sent outside normal business hours
- Bad spelling or grammar
What to do if you receive phishing
Spam Messages Versus Phishing
While both spam and phishing result in receiving unwanted messages, spam is generally not harmful while phishing actively targets the recipient with the goal of stealing login credentials or sensitive data. Spam messages are typically unsolicited commercial emails. There is no need to report spam email messages to Technology Services unless you think it may be malicious. To handle spam emails, you can block the sender if desired then simply delete the email.
- In Google Mail:
- Option 1: Click the exclamation mark to report spam
- Option 2: Click the three dots next to the reply button then click Report spam
- To block a sender, click the three dots for more options then click Block
- In Outlook on Windows: right-click on the email, hover over "Junk" then click Block Sender.
- In Outlook on Mac: right-click (Control + Click) on the email, hover over "Junk Mail" then click Mark as Junk and/or Block Sender.
Note: If Google Mail inaccurately flags a legitimate message as suspicious, click Looks safe on the yellow banner.