It's a fact of life. Most emails that we receive are junk. Just look at your Spam folder some time and see how much of that junk Gmail is filtering out for you. But if a junk message gets through to your Inbox, what should you do? The answer to that depends on what you see.
In this series of articles, we'll address several kinds of unwanted email. It's important to understand the differences and how to handle each.
A phishing email is much more serious than spam, in that it tries to get you to respond in some way, often asking for your account credentials, by convincing you to reply to the email with the information or click a link to a site that looks real and then prompts you to enter your ID and password. Since a phishing email wants some kind of response, it usually tries to look official. Most phishing emails will include one or more of these characteristics:
- the 'from' name and 'from' email don't match
- the 'from' information doesn't make sense with the overall message of the email (i.e. a fellow student is asking you to change your password)
- the 'from' email may be a real email address, but it may also just look real but isn't; for example, instead of our familiar format of "firstname.lastname@example.org", it might be "email@example.com" or something similar
- links don't go to a real "snc.edu" web page
- message body contains poor grammar or misspellings or just doesn't make sense based on who it's from
- message contains incorrect department names (i.e. "SNC Help Desk" is wrong, "ITS Service Desk" is correct)
- the message asks for your ID and password
It's very important to note that ITS never sends you an email asking for your password. You may receive an email every six months reminding you that your password is about to expire. But in that case, you should always visit our password change page to do that; never visit someone else's web page or reply with your password in the email. We NEVER ask you to email your account information.
You may also receive an email which contains a simple request that seems harmless. For example, it may just ask you to make a purchase, and all you have to do is reply to confirm it's done. It seems harmless because you're not providing any sensitive data. But what you're doing is letting the sender know that you're a possible target for further phishing attempts, which may indeed be more serious.
What To Do
DON'T just delete the email. This can make the situation worse, because a phishing email got through without being filtered, and the senders will then continue to send more. We recommend that you report it as phishing.
Google provides this helpful article with more information: