How to Identify if an Email is Fraudulent
Recently, there has been an increase in fraudulent/scam emails looking to steal your personal and financial information. This makes it crucial that we become more knowledgeable and careful when choosing to respond or not. Below are some key identifiers that can help you identify if an email is authentic or not.
- They ask for personal information in an email. Legitimate job opportunities require you to apply and provide your personal information in an official application, most times on their company website. Other legitimate communication (Banking, Shopping, etc) does not require that you send personal information directly within an email thread.
In the example below, this message asks for personal information and can be a red flag. Legitimate companies will often direct you to their official website with a company domain and not to send personal information to a work email address.
- They ask to continue the conversation by text. This makes the scam harder to document. Conversations about legitimate offers should be conducted by email.
- They ask you to provide an alternate email for further communications. Transitioning the conversation away from your YSU email account allows the scammer to bypass our university email protections and carry out more malicious or invasive attacks. Below, the threat actor asks for an alternate email address.
- The email contains grammatical or spelling errors. A very common attribute of scam emails is that they do not spell check or grammar check their outgoing emails. Threat actors will often use popular companies and brands to trick you into trusting them, take extra care in reading the email for inconsistencies in spelling or branding.
- The email is from a Gmail, Yahoo, or Outlook address. Legitimate companies should email from their corporate email account or related ‘no-reply’ address. In the example below, the receiver is expecting an email from Bank of America, however, the scam email is coming from an email domain that is not consistent with Bank of America and should not be trusted.
- If it seems too good to be true, don’t trust it. Threat actors are always trying to take advantage of any type of personal situation they can, so let’s do our part to make sure they don’t succeed.
If you receive an email that contains this type of information, please utilize the “ReportPhish” button to report the email. Please do not respond to any message that seems “phishy.” If you ever have questions about whether an email is legitimate, forward it to security@ysu.edu.