Phishing and Suspicious Email

Owned by Aaron Schanz (Deactivated)
Last updated: Mar 06, 2023 by Daniel Jeski
3 min read

About is Phishing

Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. Phishing email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

Got Phished! Now What?

If you've interacted with (entered username/password) or gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised. Follow the instructions on our Got Phished! Now what?

On This Page


How to Spot Phishes

If you receive an email, be sure to consider the following:

  • Does the URL look right? 
    • On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
    • On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
  • Does the login screen look right? Do not enter your NetID password unless you are sure it is safe.
  • Are you expecting the document or link? Be suspicious of unexpected emails sharing documents and links you are not expecting. If you are not sure, contact the sender (preferably via text message, phone, or an alternative email address) and ask if they shared a document with you.
  • Do you know the person sharing it? Consider the message suspicious if you do not know the person the message is from. Be aware, though, that phishers often use compromised accounts to send their messages, and they can also forge the sending address. If you feel at all unsure, call the person and ask if they shared a document or link with you.
  • Can you tell what the document is? Is it clear to you from the document title and message what the document is and why it is being shared with you? Phishers often send vague messages that just say a document has been shared with you. They rely on your curiosity. Do not open suspicious shared documents just to see what they are.
  • Beware of flattery. Customized emails complimenting their research and asking them to look at a shared document or link related to it. If it looks suspicious, do not log in.

Phishing resources you can use

Report Phish

If you need more information or assistance with verifying any email messages, please do not hesitate to contact your local IT support team. You can also contact the ITS Security Department at itsecurity@listserv.syr.edu or the ITS Service Center  at 315.443.2677 and help@syr.edu.

For all suspicious emails that appear to impersonate a Syracuse University address or service, send the entire message with full email headers (if possible) to itsecurity@listserv.syr.edu

For Gmail phishes that appear to impersonate a Syracuse University addresses, services, or personnel, send the entire message to ITS Security Department and /or  ITS Service Center.

  1. In the message you would like to report, click the down arrow or 3 dots More 3 dots(more) next to the Reply arrow and select Show original.
  2. In the Original Message screen, click Download Original to download the page as a .txt file.
  3. Compose a new message, attach the file you downloaded, and send the new message and attachment to ITS Security Department and /or  ITS Service Center.



Some content of this page may have been derived with permission from Safe Computing at University of Michigan