Phishing is an illegal tactic where criminals send fraudulent emails to trick victims into sharing their personal information or compromise their system. The good news is at WashU we can use the Phish Alert Button whenever we’re unsure about an email’s authenticity.
Step 1: Recognize the common signs
- Requests for WUSTL Key credentials
- Urgent or alarming language
- Requests for personal or financial information
- Unexpected attachments
- Untrusted URLs
- Email addresses that don’t match the sender’s name
- Ex: IT Support Desk <sdfjkl@hmakslk.com>
- Poor grammar or spelling (less common these days)
Step 2: When in doubt, report it!
Even if you are not sure whether it’s legitimate or fraudulent, after reporting the email with the Phish Alert Button our team will analyze the email and return it to you if it is determined to be safe. Even an “unsubscribe” link can be malicious, so better to play it safe and use the Phish Alert Button.
If the email turns out to be a phishing attack, we’ll remove it and any other instances of it from WashU’s email system. This way, by reporting a suspicious email you can help protect others and our institution.