The University (and other reputable institutions) will not ask for personal or password information in unsolicited e-mail messages, so you should NEVER respond to such messages or click on any links in them, no matter how real they appear to be. Report any suspicious phishing emails to email@example.com.
You can hover your cursor over a link (don't click!) to reveal the link's actual destination. In a phishing scam this will often be a URL that you won't recognize and that differs from what is visible. If the message contains broken English and grammatical errors, that is also a telltale sign of phishing.
Knowing what to look for will help you identify a phishing scam; however, if you have any doubt at all about the validity of the message, call a contact number for the organization obtained from verifiable paper correspondence or from the telephone book. Is it phishing or legitimate? Take the SonicWALL Phishing IQ test.
Though phishing messages can vary in design or style, many contain similar elements used by attackers that can be identified to help protect users from falling victim. Below are some common tricks used by attackers to phish their targets:
Sender's actual email does not match their displayed name:
The sender attempts to make his email address look like a "binghamton.edu" address, but by looking to the right of the displayed name (or by hovering your mouse over the sender's name), we can see the actual address is firstname.lastname@example.org. Posing as a trusted sender by changing their displayed name is a common tactic used by phishing attackers.
Link in message goes to suspicious site:
Check to make sure links in messages are going to the sites they are claiming. If a message claims to be from a Binghamton University sender, links for services should be to binghamton.edu web pages.
Message asks for personal information to be sent back:
Reputable organizations will NEVER ask for personal information, especially financial information or passwords, to be sent via email. Binghamton University ITS especially will not demand that this type of information be sent in order to confirm an account or prevent account suspension. Be wary of any message making these types of requests.
Message contains aspects of urgency to respond:
A common technique used by attackers is to create a feeling of urgency so that targets feel compelled to act quickly, without properly evaluating the legitimacy of the request. Messages that demand a response or action within a short time frame, and threaten action on the sender's part if the demand is not met, should be met with particular suspicion.