10 ways to spot a phish

Return to top of page.
Return to primary navigation.
Skip to secondary navigation.

1. Always examine the sender of the email.

Check the email address in the email header by hovering your mouse over top of the email address. If it’s different from the address that is displayed—the message is probably fraudulent or malicious.

Even though an email might look to be from the University of Victoria or the Computer Help Desk, look closely at the "From" address. If the "From" address looks legitimate, double check the return-to address in the email composition window after clicking "reply." Be aware that from time to time, even UVic email addresses get stolen or compromised. If you receive a suspicious email from someone that you know, you should call them on the phone and verify the legitimacy of the email.


2. Check for spelling mistakes and bad grammar.

Authentic messages usually don’t have major spelling mistakes or poor grammar.  If it’s written poorly, don’t open it.

Phishing emails that use the UVic logo or other branding images make identifying the legitimacy of the email very difficult. Be sure to check for things like spelling and grammar errors and be wary of emails that aren't addressed to you personally. Phishing messages are generally sent in bulk, so they usually don't contain your first and last name. Just because an email looks like it's from UVic, doesn't mean it is! Double check with the Computer Help Desk if you're unsure.

Marketing spoof

3. Examine the URL.

If you click on a link in an email, be sure to check that the website you end up at is what you expected. In the previous example, the phishing email appeared to link to mail.uvic.ca. However, if you actually clicked on the link, you would be taken to a completely different website address that is unrelated to UVic. Do NOT enter your personal information into a page that has a suspicious website address.

Exchange spoof

4. Review the salutation and check for legitimate contact information.

If addressed to a vague “valued customer” or "dear user" it’s probably a phish. Lack of details about the sender or how you can contact them or their company strongly suggests a phish.

Unpolished grammar

5. Does the email ask for personal information?

Legitimate banks, other companies and UVic will never ask for personal credentials via email and, you should never send it via email for any reason. UVic will never ask you for your password. If you receive this kind of email, delete it right away.

These types of phishing messages ask you to reply and provide sensitive information like credit card numbers or, in this case, your password.

6. Does the email ask you to send money to cover expenses?

Any email that asks you for money to cover expenses such as taxes or fees is probably a phishing attack or a scam.

7. Are you being asked to click on links?

If the email looks unfamiliar or is unexpected, don't click on it! Copy and paste the URL into Notepad to determine if the link is legitimate.

8. Too good to be true?

Lots of phishing emails try to entice you with offers that are unbelievable. If it sounds too good to be true it probably is.

9. Are unrealistic threats being made?

Any email message that makes unrealistic threats is probably a phish (i.e., companies that threaten with account closure or some sort of loss if you don’t “act immediately”).

10. Something just doesn't look right.

If something doesn’t look right it’s a good indication that something is wrong and the email is probably fraudulent. Trust your gut.  When in doubt phone a friend or colleague and ask if they received the same email or contact the Computer Help Desk.

Phishing messages commonly include a link that appears to go to one place (e.g. the university), but actually goes somewhere else (eg. the attacker's site, which is setup to look like a university site. If you hover your mouse over a link, the real destination generally appears in the status bar at the bottom, or in a small tool tip beside the link. If it doesn't match the link text, there's a good chance you've caught a phish.

Suspicious link