Phishing scams are sophisticated messages, typically emails, that appear to come from legitimate organizations (i.e. the university, your bank, Amazon, etc.), which are attempting to obtain your personal information (i.e. your password, account number, credit card, etc.). The message may ask you to respond with your personal information or include a link to a fraudulent website. Often, the message conveys a sense of urgency to scare you into responding immediately.
Temple will never ask you for your password, or any personal information, via email.
Table of Contents
- Are they requesting personal information? Red flag! Trustworthy companies and organizations will never ask you for your password, social security number or any personal information via email.
- Does it sound too good to be true? Unexpected messages that offer money, fame, valuable gifts or anything that seems too ridiculous to be real, are better left alone. If you're uncertain, report it by opening the message and clicking the Report Phish button to have it checked and validated by the automated threat analysis system called Proofpoint, before responding.
- Is there a sense of urgency? Scammers use threats and urgency to scare you into acting immediately. If you are concerned, always contact the organization directly whether by phone or online. Never reply to a suspicious email.
- Who is the email from? Hover your mouse over the name of the sender in the From column to reveal email address of the sender. While it may appear to come from a person, business or organization you recognize, the email address ending may appear to be suspicious.
- Are there spelling and/or grammar mistakes? While messages are becoming more sophisticated, often scammers misspell words.
- Are the hyperlinks within the email legitimate? Hover your mouse over hyperlinks to reveal the URL. Often the hyperlink will lead to a fraudulent site. To be safe, visit websites directly by opening a new window and typing the URL.
- Plain text? Logos? Email from a companies and organizations that you trust generally include the company's official logo. Often, scams are plain text.
Please visit the Additional Resources section to learn more about how to recognize a phishing scam.
Also, remember you can always check systemstatus.temple.edu, where reported scams will be posted.
If you receive a suspicious email, do not respond to the message or click on any links that it may contain. You can report it by opening the message and clicking the Report Phish button in your TUmail account.
-- Watch a quick video on the Report Phish button. --
By clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. Using the Report Phish button grabs the full content and header information of the message and helps determine the nature of the threat quicker than sending it to firstname.lastname@example.org. You will be notified as to the nature of the threat and what actions are taken to safeguard your privacy:
- Malicious messages are quarantined and/or forwarded to the ITS Information Security team for further remediation.
- Spam messages are removed from your account.
To access the Report Phish Button, please see the instructions below based on the email client you use to access your Temple mail:
Example of a phishing attempt sent to members of the Temple University community in August 2018:
In the example above, the "Login here" link does not direct you to a correct login page (See link highlighted). You can hover over a hyperlink to reveal the URL, which will appear in the bottom left corner of the screen. To be safe, rather than clicking on links that may be fraudulent, always hover over the link to see where it directs to.
Similar to trying to obtain your personal information through a phishing email, a criminal may also resort to other means of communication such as in-person visits, phone calls, pop-up messages on your computer or text messages to manipulate or trick you into disclosing personal or confidential information in order to conduct fraud, gain system access or gather personal information about you or others at Temple University. Be mindful of these other scams and when in doubt, follow the steps below to report or check the authenticity/validity of the communication you received.
With the COVID-19 pandemic, unemployment fraud has been an increasing issue in the United States as scammers use stolen information, such as Social Security numbers and date of births, to file fake jobless claims during a period of high unemployment, according to state and federal officials.
Many people are unaware that they are a target of this scam until they receive some form of notice from their state’s office or employer regarding an application for unemployment benefits.
If this happens to you, and you have not filed a claim for unemployment benefits, it means that a scammer may be fraudulently using your personal information and that you should act fast by taking the following steps to protect yourself:
- Report the fraud to your employer. Temple University employees should report the fraud to Human Resources Labor and Employee Relations by email at email@example.com or phone at 215-926-2290.
- Report the fraud to the state. If you work in Pennsylvania, more information on how to report someone filing for benefits using your identity can be found on the Pennsylvania Office of Unemployment Compensation website. If you work in another state, report the fraud to the appropriate state unemployment benefits agency. It is best to keep for your records any confirmation or case number you receive after filing a report.
- Report the fraud to the Federal Trade Commission (FTC). You can report the fraud to the FTC by visiting IdentityTheft.gov and they will assist you with next steps for a recovery plan.
- File a police report. File a police report to your local police department. A copy of the police report must be provided to the Office of Unemployment Compensation.
- Review your credit reports and monitor online accounts. Review your credit reports frequently for free through AnnualCreditReport.com. This can help you identify a new scam quickly. You should also monitor your online accounts for suspicious transactions or updates. You can also sign up for an Identity Protection service through various companies and insurance policies, such as homeowner’s and renter’s insurance.
- Review your online exposure. You can see whether your email accounts, phone number and other personal information have been involved in a data breach through the website haveibeenpwned.com to help you review your online exposure.
- Lock down your login for websites. Make sure you follow cyber safe practices for securing your login by creating unique passwords for all accounts and using multi-factor authentication, such as Duo, wherever possible.
We learn about phishing attempts from you and then take action to inform and protect the Temple University community. Don't hesitate to report a message to see if it is legitimate. Please report any suspicious emails by opening the message and clicking the Report Phish button in your TU Outlook/Exchange account. As explained above, by clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. This will help the ITS Information Security team to easily identify whether a message is a threat and should be quarantined from entering the inboxes of others. We appreciate your help!
To learn more about how ITS is protecting the personal information of students, faculty and staff, see our Email Protection Strategies page.
- Temple ITS - "How to Spot a Phishing Scam"
- Temple ITS - "Look out for Phishing"
- Microsoft - "Protect Yourself Online"
- Google - "Avoid and report phishing emails"
- Apple - "Recognize and avoid phishing messages, phony support calls, and other scams"
- Yahoo - "How can I Recognize a Phishing Website or Email?"
- PayPal - "Manage risk"
- Amazon - "About Identifying Whether an E-mail, Phone Call, or Webpage is from Amazon"
- StaySafeOnline.org - "Spam and Phishing"