Michigan State University needs you to help keep our network and data safe.
Faculty and staff work with institutional data daily and need to take extra precautions, especially when dealing with potential phishing messages.
- Does the from line or subject line look suspicious?
- Are there misspellings, grammar errors, or odd phrasing in the greeting or message?
- Does the message demand immediate action?
- Do the URLs in the email look suspicious when you hover your mouse over them?
- Do the URLs use “https,” which indicates a secure web session?
Spear phishing is a technique that con artists use to specifically target individuals or companies and gain access to private information or accounts. Phishing scams often rely on a reader’s tendency to simply click on the links in a message.
Be cautious of links in emails requesting you to enter your credentials on a separate website. Some links may be legitimate while other links within the same message may be fraudulent taking you to a false website to gather your personal information.
Legitimate emails from MSU or other organizations may sometimes mention the web addresses of login pages for information purposes.
Confirm with the message sender if things in the message are pointing to a possible phishing attempt. Find contact information from a business or organization’s main website that you type into your browser, not from within a suspicious message.
Don’t open an email attachment unless it’s something you were expecting, even if it appears to come from someone you know. If it’s from someone you know, but seems suspicious, call them to confirm.
As with fake links, attachments are frequently used in phishing emails to hide a virus or spyware. These types of attachments often also have a cryptic or intriguing message encouraging you to open them (e.g., “Here’s the schedule I promised”).
You can report phishing attacks to MSU. Forward the email with full headers to email@example.com. Or, use the contact form and paste a copy of the full headers into the form as part of your reporting.
You can also call (517) 432-6200 to report and see if other phishing attempts have been reported.