Here are ways to determine if you have received a phishing or spam email.
Look carefully at the display name – Email Address
Many spoof attempts within RPI appear to come from a legitimate student, faculty or staff because of their display name but the email address is actually not their RPI email. For example may be a gmail address which anyone can create with any name they choose. Be cognizant of this and you can always check with their RPI student, faculty or staff by contacting them by phone or by their RPI email address.
If you receive an email message that appears to be from someone you know or recognize from RPI which has been tagged as being from an [EXTERNAL] source, this should be cause for concern and further scrutiny.
Watch for urgent, unrealistic or threatening language in the subject line
Phishing attempts often try to suggest something bad will happen if the recipient does not act quickly.
Example: Your Storage is almost full, click here to sign in and verify your email to get more storage OR RPI needs you to put in your username and password to authenticate
NOTE: RPI will never ask for your password
Look but don’t click on links, images or open attachments
Hover your mouse over any images or URL links embedded in the body of the email, but don’t click on it. Open a new browser window and type the website to test OR call the company. Most links sent by RPI are going to have an rpi.edu link.
Attachments can appear as attachments but are actually a malicious link. Or attachments themselves contain malicious links within them. Malicious links may prompt you to login and then your userid and password are stolen. Or links can actually function as a form of stealing account credentials without even prompting you to login.
Phishing emails often contain links that look very legitimate such as a support email address, Sign-In, Privacy Statement, Visit the Community, click here to set your preferences.
Review for spelling mistakes
Emails that are authentic, usually do not have major spelling mistakes or poor grammar.
Inspect the salutation
Beware of emails addressed to “Valued Customer” most businesses will often use your first and last name.
Don’t give out personal information
Look for a “lock” icon at the bottom of your browser and make sure “https” appears in front of the Web address before submitting any personal or financial information this will tell you the information being transferred is secure.
Review the signature
Legitimate businesses will always provide contact details.
Don’t open attachments
If you were not expecting this attachment don’t open it.
Don’t trust the header from email address
Header lines identify particular routing information of the email – you will want to look up how to view header information for your email application
Something doesn’t look right
Even though the message includes convincing brand logos, language and valid email address – if it looks suspicious, don’t open it. When in doubt you can always contact the Help Desk.
Review the article "Steps to follow if you feel your email has been compromised" if you think your account was compromised.