At some point in time, a computer user is likely to receive spoof emails (also known as phishing emails) that appear to be from a reputable organization such as a bank, or even from MSU, asking for personal details, passwords, credit card numbers, etc.
Here are some things to look for in a phishing message.
Many fake emails begin with a general greeting such as "Dear Bank Customer" or "Dear Email user." This may sometimes be formatted oddly or with strange capitalization (e.g., Dear MsU User).
Fake emails may include a forged or strange email address in the "From" field.
There may be a threat that something bad will happen if you don't act immediately. For example, claiming that your account may have been hacked, and you need to respond immediately to stop it from being closed.
Always check where a link is going before you click on it. Move your mouse over the link. Does it match the URL listed in the email message?
Any link address visible in the message text should match the real URL it actually goes to. If not, it could be a spoofed web page that could collect personal details from you or install a virus or spyware on your computer.
Don't log into a university or other web application by clicking on an email link. Type the link in your email browser or search for the application instead.
Legitimate emails from MSU or other organizations may sometimes mention the web addresses of login pages for information purposes. For your safety, always retype those URLs in your browser's address line.
Some emails can be made to look like a web page asking you to enter information.
Avoid any web address containing an @ sign. Also beware of plausible looking but false addresses (e.g., www.msu-passwordvalidate.net).
Spoof emails often contain misspellings, incorrect grammar, and odd phrasing. Bad or strange spelling (e.g., pass.wrd, passw0rd) is sometimes done deliberately to try and bypass spam filters.
Any web page where you enter personal information should have a URL that begins with https://. The "s" stands for secure. If it's only http:// then you're not in a secure web session, and you shouldn't enter any personal data.
As with fake links, attachments are frequently used in phishing emails to hide a virus or spyware. These types of attachments often also have a cryptic or intriguing message encouraging you to open them (e.g., "Here's the schedule I promised.").
Never click on an attachment unless it's something you were expecting, even if it appears to come from someone you know or deal with.
If unsure, contact the MSU IT Services Desk at (517) 432-6200 or ithelp@msu.edu.