Know the red flags of fraudulent emails

Have you ever received an email that seemed to be from a trusted source but was fraudulent? Cybercriminals have ever-evolving tactics to trick you into divulging your personal data for nefarious acts — a crime known as social engineering.

The campus community is targeted by such attacks every day. Carefully scrutinize every aspect of every email you receive and look out for the following red flags:


  • Unknown sender
    Phishing email
    Click on image to enlarge.
  • Apparently reputable address but with wrong domain; e.g.,
  • Suspicious or misspelled domain


Unrecognized recipients


Day or time outside normal business hours; e.g., Sunday, 3:31 a.m.


  • Vague or suspicious
  • Unrelated to message content
  • Replies to an action you did not initiate
  • Invokes urgency or fear
Screenshot of phishing email
Click on image to enlarge.


  • Requests that you click on a link or open an attachment
  • Requests your sensitive information; e.g., Unity ID or password
  • Urges prompt action to avoid dire consequences
  • Contains misspellings or poor syntax


  • Unexpected but from known sender
  • Unrelated to message
  • Suspicious file; e.g., executable file, pdf


  • Actual link address differs from that shown in message.
    To see the actual address, hover your mouse over link (or hold a long tap on the link while viewing on a mobile device).
  • Content is only hyperlinks.
  • Misspelled hyperlink for a reputable site

Note: This information was adapted from KnowBe4 Social Engineering Red Flags.