You've Been Phished

How to Detect a Phishing Attack

  • Messages creating a tremendous sense of urgency.
  • Look for typos or discrepancies in logos.
  • Pressure to bypass or ignore our security policies or procedures.
  • Read URLs from left to right, the last address is the true domain, for example might look like it will take you to Amazon’s website, but in fact it will take you to
  • Offers that seem too good to be true.
  • Generic greetings such as "Dear customer" or "Dear Member"
  • Emails that are work related but are sent from a personal email address, such as or
  • Websites that claim to be secure but do not use HTTPS.
  • Requests for sensitive data such as credit card numbers or account passwords. 
  • The tone or wording of the message does not sound like the sender.
  • Sites that begin with an IP addresses instead of a domain name.

Security Recommendations

 ITS Information Security strongly recommends the following for you:

  • Visit the ITS Information Security Phishing page to learn more about how to recognize these phishing emails and protect yourself and our organization from getting hooked.
  • If you have not taken the ITS Information Security and Awareness Training, now is a great opportunity to reinforce your security awareness. Click here to star.

Think before you click! If you suspect a phishing attack, report it immediately to