Ohio University

Identifying Malicious Email

What to do if you clicked on a scam link

If you clicked on a link or button in a scam email and entered your OHIO ID and password into the resulting site, you should change your password immediately. If you are unable to log into the password change tool, contact the IT Service Desk immediately.

Recognizing phishing attempts

When you receive an email claiming to be from someone you know that's requesting you to reply with banking information for a wire transfer, you've experienced a phishing attack. Phishing is when internet fraudsters impersonate someone or something you know to get you to disclose your personal information or the sensitive information of others. These attacks typically try to steal your username and password for a site, although they can also try to get other information from you as well. Anything from your bank routing information to just learning if you have an account with the site it's claiming to be affiliated with are all valuable to the criminal.

While not every unsolicited email is a phishing attack, it should be inspected for other suspicious elements that may help you identify if it's legitimate or not. A good rule of thumb is to ignore and delete the email if it has two or more of the following suspicious elements.

  • Unsolicited. Don't trust emails you weren't expecting to receive that ask for information.
  • Asking for personal or financial information. Don't reply to emails requesting this information, report them.
  • Deceptive web links. Hover your mouse on the hyperlink to view its true destination. If you don't recognize it, don't click it.
  • Variations of legitimate addresses. For example, an email address ending in @ohio-edu.org instead of @ohio.edu.
  • Fake sender's address. Click the sender's name to view their email address.
  • Requesting urgency. The attacker wants you to act quickly so you don't notice the email is suspicious.
  • Fraudulent sites often don't start with https (the s stands for secure). Never sign into websites that aren't using https.
  • Misspelled words and bad grammar. A legitimate email would proofread and fix these errors before sending.

Spear Phishing

More targeted and personalized in order to increase chances of fooling recipients, spear phishing attacks use publicly available information to impersonate target's friends, relatives, coworkers, and other trusted contacts. The attacker will gather information about you through your social media accounts or through your employer's webpage.

  • Do a web search for your name and see what results are returned. Is there any information you're not comfortable being public? Attackers can use this information to customize a phishing message for you to make it appear more legitimate.

To report a phish or ask for assistance in determining legitimacy, forward the email as an attachment to security@ohio.edu. You can learn how to forward as an attachment here.

For additional information in identifying malicious emails, visit StaySafeOnline for a wide variety of educational resources to learn how to protect yourself, your family, and your devices.