Skip to main content


Be cautious of links in emails requesting you to enter your credentials on a separate website. eight-bit sparty


Phishing is an online scam involving email messages appearing to be from a trusted source. A type of phishing, called spear phishing, is especially problematic.

Spear phishing is a technique that con artists use to specifically target individuals or companies and gain access to private information or accounts.

With spear phishing, hackers disguise themselves as a trusted source by sending an email with a request to provide personal information, such as log in and password information. When the person gives the information by replying to the email or via a website link provided, the criminal goes into the account and takes what they want.

MSU or other reputable organizations will NEVER send emails requesting your NetID/account and password combination.

To know...

Legitimate institutions such as MSU or financial institutions will not request personal or financial information through an email or a non-secure site.

Be wary of messages demanding immediate response and requesting passwords, bank accounts, or threatening to suspend or terminate your account.

A good first check:

Look at the sender's email address. Does it make sense? Is it from someone you know? If you don't know the person or the email account is not associated with the actual organization, look up the number for the institution and contact them to verify its authenticity. Do not use any phone numbers provided by the suspected sender.

Be wary of links within emails. You can’t always tell if a website is legitimate based on how a site looks.

A good first check:

Hover over a link in the email with your cursor. Does it use https://? Generally, a secured site uses https:// for added security protections when dealing with personal information, while an unsecured site uses http://.

Image of a phishing link in an email message

To do...

If you're unsure about whether a message is legitimate, contact the financial institution, business, or organization.

Don't click on direct links within a possible phishing email.

Phishing scams often rely on a reader's tendency to simply click on the links in a message. Often links listed will appear legitimate, but will actually take you to a false website to gather your personal information.

Don't use the telephone numbers or email addresses found within a possible phishing email or on a site linked in the email.

Search for contact information online or use the contact information on your bank card, etc.

You can report phishing attacks to MSU.

Forward the email with full headers to Or, use the contact form and paste a copy of the full headers into the form as part of your reporting.

You can also call (517) 432-6200 to report and see if other phishing attempts have been reported. Then delete the message.

Read more phishing tips and tricks.

What could happen...

Phishers could take stolen account credentials and sell them to criminals who could use your email or account to send huge volumes of spam. They could also gain access to your personal and financial information.

If you've responded to a phishing message, it's important to act quickly to minimize possible damage to your finances and credit history.

If you think you've compromised your MSU NetID:

  1. Immediately change your password at
  2. If you need further assistance, call IT Service Desk at (517) 432-6200.

If you think you've compromised other information such as your Social Security number or banking information:

  1. Contact your financial institution or trusted business immediately.
  2. File a police report. Obtain a copy of the written report as proof for creditors.
  3. After the attack, if your personal information has been compromised, you should file a fraud alert with the credit reporting services and perhaps review your credit reports to determine if any fraudulent activity appears. The Federal Trade Commission (FTC) has more complete information on what to do if you are a victim of identity theft.