You are here

Phishing

Phishing scams are sophisticated messages, typically emails, that appear to come from legitimate organizations (i.e. the university, your bank, Amazon, etc.), which are attempting to obtain your personal information (i.e. your password, account number, credit card, etc.). The message may ask you to respond with your personal information or include a link to a fraudulent website. Often, the message conveys a sense of urgency to scare you into responding immediately.

Temple will never ask you for your password, or any personal information, via email. 

How to Identify a Phishing Scam

  • Are they requesting personal information? Red flag! Trustworthy companies and organizations will never ask you for your password, social security number or any personal information via email. 
  • Does it sound too good to be true? Unexpected messages that offer money, fame, valuable gifts or anything that seems too ridiculous to be real, are better left alone. If you're uncertain, report it by opening the message and clicking the Report Phish button to have it checked and validated by the automated threat analysis system called Proofpoint, before responding.
  • Is there a sense of urgency? Scammers use threats and urgency to scare you into acting immediately. If you are concerned, always contact the organization directly whether by phone or online. Never reply to a suspicious email. 
  • Who is the email from? Hover your mouse over the name of the sender in the From column to reveal email address of the sender. While it may appear to come from a person, business or organization you recognize, the email address ending may appear to be suspicious. 
  • Are there spelling and/or grammar mistakes? While messages are becoming more sophisticated, often scammers misspell words. 
  • Are the hyperlinks within the email legitimate? Hover your mouse over hyperlinks to reveal the URL. Often the hyperlink will lead to a fraudulent site. To be safe, visit websites directly by opening a new window and typing the URL. 
  • Plain text? Logos? Email from a companies and organizations that you trust generally include the company's official logo. Often, scams are plain text. 

Please visit the Additional Resources section to learn more about how to recognize a phishing scam. 

Also, remember you can always check systemstatus.temple.edu, where reported scams will be posted. 

How to Report Suspicious Email Messages

If you receive a suspicious email, do not respond to the message or click on any links that it may contain. You can report it by opening the message and clicking the Report Phish button in your Gmail or TU Outlook/Exchange account. 

                                                                               Screenshot of Report Phish Button

By clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. Using the Report Phish button grabs the full content and header information of the message and helps determine the nature of the threat quicker than sending it to abuse@temple.edu. You will be notified as to the nature of the threat and what actions are taken to safeguard your privacy: 

  • Malicious messages are quarantined and/or forwarded to the ITS Information Security team for further remediation. 
  • Spam messages are removed from your account.

To access the Report Phish Button, please see the instructions below based on the email client you use to access your Temple mail: 

 

Example of a Phishing Scam Message

Example of a phishing attempt sent to members of the Temple University community in August 2018:

Screenshot of a phshing attempt email sent to Temple users

In the example above, the "Login here" link does not direct you to a correct login page (See link highlighted). You can hover over a hyperlink to reveal the URL, which will appear in the bottom left corner of the screen. To be safe, rather than clicking on links that may be fraudulent, always hover over the link to see where it directs to. 

What to do if You Responded to a Phishing Attack

Please contact the Help Desk immediately:

  • Call: 215-204-8000
  • Online and Chat: tuhelp.temple.edu
  • Visit: Room 106 of the TECH Center

Other Types of Scams

Similar to trying to obtain your personal information through a phishing email, a criminal may also resort to other means of communication such as in-person visits, phone calls, pop-up messages on your computer or text messages to manipulate or trick you into disclosing personal or confidential information in order to conduct fraud, gain system access or gather personal information about you or others at Temple University. Be mindful of these other scams and when in doubt, follow the steps below to report or check the authenticity/validity of the communication you received.      

See Something? Say Something!

We learn about phishing attempts from you and then take action to inform and protect the Temple University community. Don't hesitate to report a message to see if it is legitimate. Please report any suspicious emails by opening the message and clicking the Report Phish button in your TU Outlook/Exchange account. As explained above, by clicking the Report Phish button, your message will be evaluated using an automated threat analysis system called Proofpoint. This will help the ITS Information Security team to easily identify whether a message is a threat and should be quarantined from entering the inboxes of others. We appreciate your help! 

To learn more about how ITS is protecting the personal information of students, faculty and staff, see our Email Protection Strategies page