The contents of phishing/malware/scam emails vary widely, but many make the same basic mistakes. Follow the tips below to help identify these potential phishing/malware/scam emails.

Not every phishing/malware/scam email will contain these warning signs, but many do. Always  exercise caution when dealing with email: if something seems suspicious or unusual about a message, report it or try to verify its legitimacy. Don't automatically trust every email. 

As an MSU-Northern user, if a phishing attempt you receive targets MSUN in any way (e.g., Uses MSUN or MSU branding, asks you to provide personal or other types of private information, asks you to click on a link and enter your usernameand password, etc), report the email to

Tips for recognizing a Phishing/Malware/Scam Attempt Examples
Check the sender.
Sometimes the sender will fake, or attempt to fake ("spoof"), the return address of an email. Don't just check the name of the person sending you the email, check the address. If the "from" address doesn't match the alleged sender of the email, or if it doesn't make sense in the context of the email, it's probably not legitimate.
  • An email claims to come from the chancellor, but it's from "" instead of an "" address.
  • An email claims to come from your friend Bob Jennerick, but the sender is ""
  • Why would the MSU president be sending you an invoice? 
  • Why would someone from a Connecticut university be telling you to verify your email?
(In)sanity check.
Many typical phishing emails are mass-produced using templates or generic messages. While sophisticated attacks may produce more convincing fake emails, scammers looking to hit as many different inboxes as possible may send out large numbers of mismatched and badly written emails. If the email's content is nonsensical or doesn't match the subject, it's probably not real.
  • An email has the subject "Important documents," but the message itself is about your email account running out of storage.
  • An email has a generic subject like "warning" and the message is a request for you to enter personal information or click on a suspicious link.
Check the links.
A large number of phishing emails try to get victims to click on links to malicious websites in order to steal data or download malware. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Always beware of shortened links like, http://goog.le, and   Use a website like to expand the URL to find out where it goes.
  • An email tells you to click on a link to "" to reset your password, but you know the password portal is a  "" address.
  • When hovering over a link to "," you notice that the link actually goes to ""
Don't open suspicious attachments.
Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. If you get an unexpected or suspicious attachment in an email, it may be phishy.
  • An email asks you to "Kindly Validate your email account via the above attachment", ask yourself why validating an email account would involve a document.
  • An email tries to get you to open an attached "invoice" but you don't remember purchasing anything and don't recognize the return email address.
Don't believe names and logos alone.
With the rise in spear phishing (email targeted towards a specific individual, organization or business), threat actors may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize it doesn't mean that it's trustworthy. 
  • An email includes the MSUN logo, but it makes a request for your account information and password. (ITS will never  ask you to email a password)
  • An email claims to come from your bank, but uses an old logo.
  • An email claims to come from the dean of your college, but the sender is a "" address.
Don't give up personal data.
Some phishing emails will ask for your sensitive personal data, such as your account password or your Social Security number. Legitimate organizations will not ask you to provide this information over email. 
  • An email asks you to verify your account by typing in your username and password.
  • An email asks you to provide W-2s, tax information, or other personal documents.
Don't let them scare you.
Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, it's probably phishy.
  • An email warns, "confirm your account password or your account will be shut down."
  • An email tells you to pay the attached "invoice" or "face legal action."
Check the salutation.
Many business and commercial emails from legitimate organizations will be addressed to you by name. If an email claims to come from an organization you know but has a generic salutation, like "Dear Account Holder", or "Dear Customer", be cautious.
  • An email claiming to come from your bank is addressed "Dear webmail user", or just "Dear ,"  instead of "Dear John Smith."
  • An email claiming to come from one of your favorite stores is addressed "Dear customer," but the store's emails are normally addressed "Dear Tom Miller."
Check for poor spelling and grammar.
Typically, official emails from organizations you trust will not be rife with spelling and grammar errors. If an email claims to come from a legitimate organization but contains numerous errors, it's probably not legitimate.
  • An email reads, "Click to verify now you're account."
  • An email claims to come from the "Montana State Univercity" and asks you to "open this imporant document imediately."

If you still aren't sure, verify!
If you think a message could be legitimate, but you aren't sure, try verifying it. Contact the alleged sender through a separate channel, such as on the phone or in person (not by replying to the mail), to ask about the message.

If you received an email instructing you to check your account settings or perform some similar action, go to your account page separately to check for notices or settings. For example, log in to Facebook they way you normally would and navigate to your settings instead of using a link that claims to go to your account page.

  • You get a request from a coworker for files that person doesn't normally use, so you walk to her office to check whether she really sent the request.
  • An unexpected email claiming to come from a social media site tells you that you need to change the password to your account. Instead of following the password reset link in the email, you open the site in a new browser tab and manually log in to check your settings.