Is This Email Real?
Is this email real?
As tech support specialists, we receive this question regularly. But there are ways for you to determine if an email is a phishing attempt or spam. In light of recent phishing email attempts to all of us at OSU, here are some things to consider when deciding the legitimacy of an email.
By now, we have all probably received something similar to this email. It looks real. Even looking up the sender in the OSU system, provides you with information that this person is a student at OSU with an OSU email address. However, there are several red flags with this email indicating this person’s email account has been hacked. First, consider, why would a student be sending an email for HR? But what if an HR person’s email has been hacked?
Another hint toward the genuineness of this email can be found when hovering over the “Click here” (NOTE, DO NOT CLICK! Simply hover your mouse over it). Notice the URL that appears when your mouse is hovering over the link. The first part is http://www.vertiusmc.eu, which already indicates that this email is not actually coming from OSU, nor is it something recognizable. Also, as a general rule of thumb, OSU will not ask you to “click” on something to log in to the system. As another general rule of thumb, you should never follow a link that says “Click here” or “Click on this link” unless you are 100% positive of the site you are being directed to. Hovering over the link will help tell you where the link is directing you too. Also, if it is a familiar site to you already, simply go to it instead of using an email link. For example, you have received an email to change your password. We know that to change our OSU password, we need to go to Okey.okstate.edu. So instead of clicking the link in the email, open a browser and type the URL in.
As always, if you are unsure, check your support person. They can help you determine if the email is reputable or a SPAM attempt.
Here a few quick checklist items to consider when determining a SPAM or Phishing attempt, provided by OSU Security:
- Do not trust the display name of whom the email is from. Just because it says it’s coming from a name of a person you know or trust doesn’t mean that it truly is. Be sure to look at the email address to confirm the true sender.
- Look but do not click. Hover or mouse over parts of the email without clicking on anything. If the alt text looks strange or does not match what the link description says, do not click on it – report it to email@example.com.
- Beware of urgency. These emails might try to make it sound as if there is some sort of emergency.
- Do not believe everything you see. When in doubt, have it checked out. If something seems slightly out of the norm, it’s better to be safe than sorry. If you see something off, then it’s best to report it to firstname.lastname@example.org and have it checked out.