Search within:

Identifying Malicious Email

What to do if you clicked on a Link

If you clicked on a link or button in a scam email and entered your OHIO ID and password into the resulting site, you should change your password immediately. If you need assistance changing your password, contact the IT Service Desk at 740-593-1222 or

Phish Bowl

The Phish Bowl is a new tool designed to promote phishing awareness. Phishing is the top social attack on businesses, responsible for more than 90% of security breaches. There is no concrete way to prevent phishing attacks, meaning awareness is our strongest line of defense. As wide-impact phishing messages are reported, they will be posted on the Phish Bowl along with a verdict and a date. Phishing messages come in a variety of formats. Be sure to check out types of phishing messages to see common phishing attempts the University receives.

Recognizing phishing attempts

Phishing is when internet attackers impersonate someone or something you know to get you to disclose sensitive information, such as your password or credit card details. Anything from your bank routing information to learning if you have an account with a particular service are all valuable to the criminal. While not every unsolicited email is a phishing attack, it should be inspected for other suspicious elements that may help you identify if it's legitimate or not. A good rule of thumb is to ignore and delete the email if it has two or more of the following suspicious elements.

Our video, Spot the Signs of Phishing, provides useful information about recognizing phishing emails. 

Signs of Phishing Messages

  • Unsolicited. Don't trust emails you weren't expecting to receive that ask for information.
  • Too good to be true. If it sounds too good to be true, it probably is. Part-time job scams often offer to pay an exorbitant amount of money for a simple task.
  • Asking for personal or financial information. Don't reply to emails requesting this information, report them.
  • Deceptive web links. Hover your mouse on the hyperlink to view its true destination. If you don't recognize it, don't click it.
  • Variations of legitimate addresses. For example, an email address ending in instead of
  • Fake sender's address. Click the sender's name to view their email address.
  • Requesting urgency. The attacker wants you to act quickly so you don't notice the email is suspicious.
  • Fraudulent sites often don't start with https (the s stands for secure). Never sign into websites that aren't using https.
  • Misspelled words and bad grammar. A legitimate email would proofread and fix these errors before sending.

Types of Phishing Messages

  • Email impersonation or spoofing is a forgery of a message so it appears to have originated from a legitimate sender. This is a popular tactic by attackers as the recipient is more likely to open a message from a familiar source. These attacks often turn into gift card scams, where the attacker influences the individual to buy gift cards.
  • Part-Time Job Scams often target college students or alumni who may be searching for job opportunities. These scams are fake job offers that are usually too good to be true, offering high wages for little work. Be wary of any unsolicited emails with this characteristic, especially ones that send a check prior to you beginning any work. The scammer often will request you to wire a portion of the check back to them, and you will lose that amount of money.
  • Emails tagged as malware have been identified to contain a link or an attachment that directs your machine to install malicious software. Generally, malicious software can delete or steal personal information, slow down your computer, encrypt your files and hold them for ransom, or display unwanted advertisements.
  • Extortion email messages threaten the recipient and demand a payment, often in the form of a cryptocurrency like Bitcoin. A popular extortion category is known as sextortion, where the attacker will claim they have malware installed on your computer that captured embarrassing photos of you. Attackers may also leverage previously breached credentials for services tied to your email address to provide a level of authenticity to their message.
  • Vishing is a type of social engineering attempt that takes place over the phone. A random number or spoofed phone number calls and a bad actor attempts to collect valuable personal information by claiming they are a debt collector or other type of customer service representative.
  • Spear Phishing email messages are more targeted and personalized in order to increase chances of fooling recipients, spear phishing attacks use publicly available information to impersonate target's friends, relatives, coworkers, and other trusted contacts. The attacker will gather information about you through your social media accounts or through your employer's webpage.
    • Tip: Do a web search for your name and see what results are returned. Is there any information you're not comfortable being public? Attackers can use this information to customize a phishing message for you to make it appear more legitimate.

To report a phish or ask for assistance in determining legitimacy, forward the email as an attachment to You can learn how to forward as an attachment here.

For additional information in identifying malicious emails, visit StaySafeOnline for a wide variety of educational resources to learn how to protect yourself, your family, and your devices.