Phishing is an email fraud method in which a criminal sends a sophisticated email appearing to come from a reputable business or organization, such as Temple University, including fraudulent links seeking to obtain your personal information and passwords.
Temple will never ask you for your password, or any personal information, via email.
Table of Contents
If you receive a suspicious email, do not respond to the message or click on any links that it may contain. You can report it by opening the message and clicking the Report Phish button in your Gmail or TU Outlook/Exchange account.
By clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. You will then be notified as to the nature of the threat and what actions are taken to safeguard your privacy:
- Malicious messages are quarantined and/or forwarded to the ITS Information Security team for further remediation.
- Spam messages are removed from your account.
To access the Report Phish Button, please see the instructions below based on the email client you use to access your Temple mail:
Open the message, then click the Report Phish button that appears in the side bar off to the right.
Open the message and click the Report Phish button that appears in the Ribbon bar off to the right.
TUmail (Exchange) - Outlook Web App
Open the message, click the three horizontal dots (…) on the right for More actions, then click Report Phish on the lower part of the menu.
To add the button so that it always appears in your Outlook Web App toolbar:
- Click on Settings , then click View all Outlook settings at the bottom of the drop down menu.
- Click Customize actions.
- Under Message surface, click Report Phish and then Save.
- Close out of the Settings window.
To access the button in Outlook Mobile, click the three horizontal dots (Apple iOS) or three vertical dots (Android) below the date or time of an open message. It will then appear on the screen. The button is not available in the Gmail app.
Additional Methods to Report Suspicious Email Messages
If you’re using an email client that doesn’t have the Report Phish button, you can continue to forward suspicious messages to firstname.lastname@example.org.
You can also check systemstatus.temple.edu to check if a phishing attack has already been reported by a cautious Owl, such as yourself.
Phishing scams are sophisticated messages, typically emails, that appear to come from legitimate organizations (i.e. the university, your bank, Amazon, etc.), which are attempting to obtain your personal information (i.e. your password, account number, credit card, etc.). The message may ask you to respond with your personal information or include a link to a fraudulent website. Often, the message conveys a sense of urgency to scare you into responding immediately.
- Are they requesting personal information? Red flag! Trustworthy companies and organizations will never ask you for your password, social security number or any personal information via email.
- Does it sound too good to be true? Unexpected messages that offer money, fame, valuable gifts or anything that seems too ridiculous to be real, are better left alone. If you're uncertain, report it by opening the message and clicking the Report Phish button to have it checked and validated by the automated threat analysis system called Proofpoint, before responding.
- Is there a sense of urgency? Scammers use threats and urgency to scare you into acting immediately. If you are concerned, always contact the organization directly whether by phone or online. Never reply to a suspicious email.
- Who is the email from? Hover your mouse over the name of the sender in the From column to reveal email address of the sender. While it may appear to come from a person, business or organization you recognize, the email address ending may appear to be suspicious.
- Are there spelling and/or grammar mistakes? While messages are becoming more sophisticated, often scammers misspell words.
- Are the hyperlinks within the email legitimate? Hover your mouse over hyperlinks to reveal the URL. Often the hyperlink will lead to a fraudulent site. To be safe, visit websites directly by opening a new window and typing the URL.
- Plain text? Logos? Email from a companies and organizations that you trust generally include the company's official logo. Often, scams are plain text.
Please visit the Additional Resources section to learn more about how to recognize a phishing scam.
Also, remember you can always check systemstatus.temple.edu, where reported scams will be posted.
Example of a phishing attempt sent to members of the Temple University community in August 2018:
In the example above, the "Login here" link does not direct you to a correct login page (See link highlighted). You can hover over a hyperlink to reveal the URL, which will appear in the bottom left corner of the screen. To be safe, rather than clicking on links that may be fraudulent, always hover over the link to see where it directs to.
Similar to trying to obtain your personal information through a phishing email, a criminal may also resort to other means of communication such as in-person visits, phone calls, pop-up messages on your computer or text messages to manipulate or trick you into disclosing personal or confidential information in order to conduct fraud, gain system access or gather personal information about you or others at Temple University. Be mindful of these other scams and when in doubt, follow the steps below to report or check the authenticity/validity of the communication you received.
See something? Say something!
We learn about phishing attempts from you and then take action to inform and protect the Temple University community. Please report any suspicious emails by opening the message and clicking the Report Phish button in your TU Outlook/Exchange account. As explained above, by clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. This will help the ITS Information Security team to easily identify whether a message is a threat and should be quarantined from entering the inboxes of others. We appreciate your help!
To learn more about how ITS is protecting the personal information of students, faculty and staff, see our Email Protection Strategies page.
- Microsoft - "Protect Yourself Online"
- Google - "Avoid and report phishing emails"
- Apple - "Recognize and avoid phishing messages, phony support calls, and other scams"
- Yahoo - "How can I Recognize a Phishing Website or Email?"
- PayPal - "Manage risk"
- Amazon - "About Identifying Whether an E-mail, Phone Call, or Webpage is from Amazon"
- StaySafeOnline.org - "Spam and Phishing"