Identify Phishing E-mails

Here are 6 tips to help identify phishing emails that may appear as coming from the U of S or involve your University account.

1. Check the sender’s from address.

Depending on your email program, you may only see the name of the sender. We recommend confirming the sender’s email address. There are a number of ways to do this but if you forward the message you should see the complete name and email address of the sender. If senders address is not a U of S email address, it is likely a phishing attempt.

Example: Look at the sender’s address on this previous phishing attempt. Password Expires

2. Look at the signature.

Many scammers will not bother to look up the complete name of the group/unit they are trying to impersonate. Instead they may make up a generic name or add credentials to appear legitimate.

Example: Look at the signature on this previous phishing attempt. Password Expires

3. Confirm the actual URL of the hyperlink.

To do this, move and hover your mouse cursor over the link, you should be able to see the actual hyperlink. It will appear either as a popup or if you are using PAWS email, it will appear at the bottom left of the window.

Here a two examples that might appear within an email. A word or more may be hyperlinked (Click Here to go PAWS)  or a URL within the body can be hyperlinked (  Notice that both addresses do not go to PAWS?

If the hyperlinked address is different from the address that is displayed or intended location, the message is probably fraudulent or malicious.

4. Check for poor spelling and grammar.

Official announcements from the University will be reviewed for spelling, grammar, and validity. If a message contains either poor spelling or grammar, it probably didn’t come from the University.

5. Review the message and see if it asks for personal information or makes threats.

The University will never ask for your personal information once you have been admitted as a student or hired as an employee. Similarly, we will never require your password or threaten to turn off your services if you do not validate your account.

6. Trust your judgement if something doesn’t look right.

If you receive a message and you are unsure about it, we recommend contacting the department/college directly. You should be able to find their contact information by searching the USASK pages.


You might be asking… What about my personal email and on-line accounts?

Please reference the links below for general tips for identifying phishing attempts for all accounts.