Phishing or spoofing is when the recipient of a fraudulent email is tricked into disclosing personally identifiable information, such as their username and password, social security number, date of birth and/or credit card numbers. Although most phishing scams are received through email, they can also come in the form of a text or a phone call (a.k.a. vishing).

How to recognize a phishing email

  • The email is unsolicited and will ask you to confirm or provide personal information, such as your username and password, social security number, date of birth and/or credit card numbers. Legitimate institutions never ask for this information via email or text.
  • The message contains a link to a spoofing website that looks real but does not match the name of the institution that it is claiming to represent.
  • The language or tone used is typically urgent or exciting and creates a sense of urgency. For example, they may threaten to close your account if you do not respond.
  • There is a file attached that you are asked to open. Although it may look like a legitimate file, it may be an executable file that downloads malware or other harmful viruses.
  • The email has an unusual From or Reply To address instead of an address.
  • The message may have grammatical, spelling or other editing errors.

Tips to avoid getting phished

  • Only enter your username and password when you initiate the action. For example, browsing to and logging in is fine because it is a legitimate system.
  • Only provide information over a secure website to people you know and who have the authority to request the information. For instance, forms created on DePauw’s Google Apps for Education will have a secure Web address that starts with and you must be logged into your DePauw Google Apps account to access the form.
  • Keep your virus protection software, browser and operating system up-to-date with the latest recommended security patches and updates.
  • When you receive suspicious or unsolicited emails, never click on any links, never open attachments and never reply with personal information.

Report phishing emails

When you suspect you have received a phishing email, forward it to and then click the Report spam button in your email to remove it from your inbox.

Additional resources

Google: Prevent & report phishing attacks

Updated: 1/17/2017