Phishing scams are sophisticated messages, typically emails, that appear to come from legitimate organizations (i.e. the university, your bank, Amazon, etc.), which are attempting to obtain your personal information (i.e. your password, account number, credit card, etc.). The message may ask you to respond with your personal information or include a link to a fraudulent website. Often, the message conveys a sense of urgency to scare you into responding immediately.
Temple will never ask you for your password, or any personal information, via email.
Table of Contents
- Are they requesting personal information? Red flag! Trustworthy companies and organizations will never ask you for your password, social security number or any personal information via email.
- Does it sound too good to be true? Unexpected messages that offer money, fame, valuable gifts or anything that seems too ridiculous to be real, are better left alone. If you're uncertain, report it by opening the message and clicking the Report Phish button to have it checked and validated by the automated threat analysis system called Proofpoint, before responding.
- Is there a sense of urgency? Scammers use threats and urgency to scare you into acting immediately. If you are concerned, always contact the organization directly whether by phone or online. Never reply to a suspicious email.
- Who is the email from? Hover your mouse over the name of the sender in the From column to reveal email address of the sender. While it may appear to come from a person, business or organization you recognize, the email address ending may appear to be suspicious.
- Are there spelling and/or grammar mistakes? While messages are becoming more sophisticated, often scammers misspell words.
- Are the hyperlinks within the email legitimate? Hover your mouse over hyperlinks to reveal the URL. Often the hyperlink will lead to a fraudulent site. To be safe, visit websites directly by opening a new window and typing the URL.
- Plain text? Logos? Email from a companies and organizations that you trust generally include the company's official logo. Often, scams are plain text.
Please visit the Additional Resources section to learn more about how to recognize a phishing scam.
Also, remember you can always check systemstatus.temple.edu, where reported scams will be posted.
If you receive a suspicious email, do not respond to the message or click on any links that it may contain. You can report it by opening the message and clicking the Report Phish button in your Gmail or TU Outlook/Exchange account.
By clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. Using the Report Phish button grabs the full content and header information of the message and helps determine the nature of the threat quicker than sending it to firstname.lastname@example.org. You will be notified as to the nature of the threat and what actions are taken to safeguard your privacy:
- Malicious messages are quarantined and/or forwarded to the ITS Information Security team for further remediation.
- Spam messages are removed from your account.
To access the Report Phish Button, please see the instructions below based on the email client you use to access your Temple mail:
Example of a phishing attempt sent to members of the Temple University community in August 2018:
In the example above, the "Login here" link does not direct you to a correct login page (See link highlighted). You can hover over a hyperlink to reveal the URL, which will appear in the bottom left corner of the screen. To be safe, rather than clicking on links that may be fraudulent, always hover over the link to see where it directs to.
Similar to trying to obtain your personal information through a phishing email, a criminal may also resort to other means of communication such as in-person visits, phone calls, pop-up messages on your computer or text messages to manipulate or trick you into disclosing personal or confidential information in order to conduct fraud, gain system access or gather personal information about you or others at Temple University. Be mindful of these other scams and when in doubt, follow the steps below to report or check the authenticity/validity of the communication you received.
We learn about phishing attempts from you and then take action to inform and protect the Temple University community. Don't hesitate to report a message to see if it is legitimate. Please report any suspicious emails by opening the message and clicking the Report Phish button in your TU Outlook/Exchange account. As explained above, by clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. This will help the ITS Information Security team to easily identify whether a message is a threat and should be quarantined from entering the inboxes of others. We appreciate your help!
To learn more about how ITS is protecting the personal information of students, faculty and staff, see our Email Protection Strategies page.
- Temple ITS - "How to Spot a Phishing Scam"
- Temple ITS - "Look out for Phishing"
- Microsoft - "Protect Yourself Online"
- Google - "Avoid and report phishing emails"
- Apple - "Recognize and avoid phishing messages, phony support calls, and other scams"
- Yahoo - "How can I Recognize a Phishing Website or Email?"
- PayPal - "Manage risk"
- Amazon - "About Identifying Whether an E-mail, Phone Call, or Webpage is from Amazon"
- StaySafeOnline.org - "Spam and Phishing"