ITS Service Desk

Spam and Phishing and Spoofing, Oh My!

It's a fact of life. Most emails that we receive are junk. Just look at your Spam folder some time and see how much of that junk Gmail is filtering out for you. But if a junk message gets through to your Inbox, what should you do? The answer to that depends on what you see.

In this article, I'm addressing three kinds of unwanted email: spam, phishing, and spoofing. It's important to understand the differences and how to handle each.


Spam

A spam message is generally understood to be an unsolicited email that is just trying to sell you something or trying to get you to click on a link.

To recognize a spam message, just look for things that don't seem right (there are many examples in your spam folder). Most spam messages contain one or more of these characteristics:

  • a message you weren't expecting
  • from a person or company you don't know
  • has a link to a web site you're not familiar with
  • uses "for sale" type language

If a spam email gets through to your inbox, it simply means that Gmail didn't filter it out for you. Therefore, it's important that you tell Gmail that it is indeed spam so that it can learn. To do that on a traditional computer, click the small down arrow in the upper right corner and select "Report spam" (you may also have a button across the top of the screen that does the same thing). Mobile apps have a similar option from the three-dot menu.

False Positives

If you're looking through your spam folder and you find an email that Gmail incorrectly marked as spam, you can click the "Not spam" button across the top so that Gmail can learn your preference.

Here is Google's article with more information on the subject:

Mark or unmark Spam in Gmail


Phishing

A phishing email is much more serious than spam: it tries to get you to provide your account credentials, either by convincing you to reply to the email with the information or by getting you to click a link to a site that looks real and then prompts you to enter your ID and password. Since a phishing email wants critical data, it usually tries to look official. Most phishing emails will include one or more of these characteristics:

  • the 'from' name and 'from' email don't match
  • the 'from' information doesn't make sense with the overall message of the email (e.g. a fellow student is asking you to change your password)
  • links don't go to a real "" web page
  • message body contains poor grammar or misspellings
  • message contains incorrect department names (e.g. "SNC Help Desk" is wrong, "ITS Service Desk" is correct)
  • the message asks for your ID and password

It's very important to note that ITS never sends you an email asking for your password. You may receive an email every six months reminding you that your password is about to expire. But in that case, you should always visit our password change page to do that; never visit someone else's web page or reply with your password in the email. We NEVER ask you to email your account information.

If you receive a phishing email, be sure to report it as phishing so that Gmail learns. To do that on a traditional computer, click the small down arrow in the upper right corner and select "Report phishing".

Here is Google's article with more information on the subject:

≫ Avoid and report phishing emails


Spoofing

A spoofed email is one that comes to you from an email address that does not actually belong to the sender. The sender actually forged the sender name and email address in the message, so that it looks like it came from a particular person, but it didn't. Spoofing is one of the most difficult things to prevent and it's even more difficult to explain. Suffice it to say that just because an email says that it came from "John Smith", it doesn't mean John Smith actually sent it.

The best way to recognize a spoofed email is that the message just doesn't seem right. Here's an example of a real spoofed message:

Subject: amazing


It is amazing what one can invent! You're going to love it, I swear! Read more here open link

Speak to you later, john.smith

Practically everything about this email is suspicious:

  • The subject line says simply "amazing". That's not a normal subject line that this person would have used.
  • The person is telling you about an invention. Again, that's not a normal thing for this user to email you about.
  • The email is signed "john.smith". Most people simply sign their emails with their first name, and sometimes first and last, but rarely with their first and last in all lower case with a dot in the middle.
  • Perhaps the most important thing to notice is that the action the email is proposing is that you click a link. But they ask for it by saying "read more here open link". That just doesn't sound right. And the fact that they want you to click a link at all should cause you to question it.

There are some technical resources that ITS has available to help us prevent this from happening. But it's not an exact science. If you receive an email that was spoofed, mark it as spam as explained above.

Here is Google's article with more information on the subject:

≫ Someone is sending emails from a spoofed address

Spear Phishing

Yes, it gets worse. Spear phishing is a combination of a couple of the techniques mentioned above, making it even more devious. Let's start with a quick example of a real email received by an SNC employee:

From: Scott Crevier <>
Date: Wed, Feb 6, 2019 at 9:23 AM
Subject: Bank Account Update
To: <>

Hi Betty,

I changed my bank and I'll like to change my paycheck dd details, can the change be effective for the current pay date?

Scott Crevier

(The "To" address in the above email has been changed for purposes of this article.)

This is a spear phishing email because the sender has done a little homework and figured out that if they make the email appear that it came from a trusted fellow employee, the recipient may respond to it. In other words, it's a highly focused phishing attack using some knowledge of the company. Fortunately, the employee noticed right away that the email came from an AOL account, which is highly unusual for an email from a coworker.

Another example might be an email from your boss or a vice president asking for a financial report or some info about an employee. Again, not only is the sender name familiar, but the content of the email may also seem familiar to your job.

The easiest way to verify an email like this is to just pick up the phone and call the sender.

If you receive such an email, mark it as a phishing email.
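For readers who administer mail, the check the employee made by eye (a coworker's name on an outside address) can be automated. The following is an added example, not part of the original article or ITS tooling; the domain `example.edu`, the `freemail.example` provider and the staff list are placeholders assumed for illustration.

```python
from email.utils import parseaddr

# Assumed values for this sketch (not from the article): the organization's
# mail domain is a placeholder, and the directory holds names used above.
ORG_DOMAIN = "example.edu"
STAFF_NAMES = {"scott crevier", "john smith"}


def normalize(name):
    """Lower-case a display name and treat dots/commas as spaces."""
    return " ".join(name.replace(".", " ").replace(",", " ").lower().split())


def check_from_header(from_header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parseable sender address"]
    domain = address.rpartition("@")[2].lower()
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    warnings = []

    # A coworker's name on an outside mailbox: the spear phishing pattern.
    if normalize(display) in STAFF_NAMES and not internal:
        warnings.append(f"staff name on external address ({domain})")

    # A display name that shows one address while the real one differs.
    if "@" in display:
        shown = display.rpartition("@")[2].strip().lower()
        if shown != domain:
            warnings.append(f"name shows {shown} but sender is {domain}")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers; freemail.example stands in for an outside provider.
    for header in (
        "Scott Crevier <mailbox@freemail.example>",
        "Scott Crevier <scott.crevier@example.edu>",
        '"john.smith@example.edu" <mailbox@freemail.example>',
    ):
        print(header, "->", check_from_header(header) or "ok")
```

A warning from a check like this is a reason to look closer or to phone the sender, not proof of forgery: staff do sometimes write from personal accounts.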

Here is Google's article with more information on the subject:

≫ Avoid and report phishing emails

