Phishing is the attempt to acquire sensitive information such as usernames, passwords, or credit card details for malicious reasons.
Phishing emails or websites often impersonate trusted senders or sites so you’re more likely to give up your personal information. These cautious habits can protect you from falling for these scams.
Spot a Phishing Email
Look at the actual address an email came from
Phishing messages often claim to be from a person or entity that may seem familiar but the email address or the actual name used does not match. For example, you might get an email from ‘Middlebury Email Support’ and the sender’s email address is XSD@123.com. In this case, you would be alerted to the scam because the email did not come from a middlebury.edu or miis.edu email address.
Take note of spelling and grammar mistakes
Most phishing emails originate from countries where English is not the native language, which can result in spelling errors and unwieldy or incorrect grammar. Some phishers intentionally include errors to try to bypass spam filters or to seem more realistic if they’re pretending to be an individual rather than an entity.
Double-check links before following them
When you hover over a link in an email message, most email clients will display the URL or destination address. If the destination address does not match what the sender says it is, if you don’t recognize the domain, or if the URL otherwise looks suspicious, do not follow the link. If an email claims to be from an online service or account, it’s wiser to manually browse to your usual login page rather than follow a link.
Be especially wary of all requests for money or personal information, even if they seem to be from a person you know
Even if an email is coming from one of your contacts, it’s possible that their account is compromised and being used to send spam. You should never reply to an email requesting passwords or personal information. Some vendors (such as legitimate financial institutions) may instruct you to contact their customer service department through a phone number that you already have. Remember, Middlebury ITS staff will never ask you for your passwords.
If you receive a suspected phishing email, please forward it to firstname.lastname@example.org.
Spot a Spoofed Website
If you’re on a webpage that’s asking for your credentials or personal information, always double-check the URL, especially if you got to the login page through a link someone else sent you. It’s common for phishers to imitate legitimate websites.
The best thing to do is to navigate to login pages manually. For example, it’s safer to navigate to the middlebury.edu website and search for “webmail login” than it is to log in from an emailed link. You can also bookmark logins that you use regularly.
Contact our help desk for more information or for any questions or concerns.