skip navigation

Florida Gulf Coast University

Website Directory  

Business Applications

Identifying Phishing Emails

What is Phishing?
Phishing is an attempt to steal personal informartion, financial information, or your username and password for an account by misleading a user into trusting a fraudulent email or website. Why is it called "phishing"? It's a variation of "fishing" -- as in "fishing for information." Phishing has been around since the early days of the Web, when the scam du jour was pretending to be an AOL customer service agent in order to steal account information for free Internet access.

Things to Look for:
1. First, Florida Gulf Coast University, and most other organizations, are never going to ask you for your password via email, phone, or any other method. Again, we will NEVER ask you for your password under any circumstance. Your password is only for you and should never be shared with anyone else. Any email requesting your FGCU credentials is always going to be a phishing email and you should report it to helpdesk@fgcu.edu right away.

2. Phisher's will typically attempt to panic you into following their link or replying to their email. They will use things like:

  • If you do not respond within 48 hours, your account will be closed.
  • We suspect that your account has been compromised.
  • You must respond in 24 hours or further action will be taken!

3. Phisher's will usually send these emails in bulk and often do not contain your first or last name. Often they will address you like:

  • Dear Valued Customer
  • Dear Florida Gulf Coast University User
Note: Sometimes phishing emails will in fact have your name in them. These are usually referred to as "Spear Phishing" attacks and are targetted at individual users that are not sent out in bulk.

4. Look where the emails are coming from and where they go when you click 'reply'. Phishing emails will always appear to come from a legitimate source, but have reply addresses to other domains. Look at the example below:
2
Notice that it says it is From "Florida Gulf Coast University" but the actual email address it will be sent to (where it says mailto) is temple161@verizon.net. The same thing will appear if you were to reply to this email, it would show as temple161@verizon.net in the 'To:' field.

5. If the suspected phishing email has links or URLs in it that look like they could be legitimate hover over them with your mouse to see where they really take you. It is trivial to create a link going to one page, but look like it points to another. Look at the example below:
3
The URL points to woodgrovebank.com but in reality it's going to take you elsewhere.

Final Tips
Never reply to Phishing emails. If they are FGCU related please forward them to helpdesk@fgcu.edu.

FGCU and most other organizations will never ask for your account information via email.

User your best judgement, but never follow links in suspected Phishing emails. User your bookmarks or manually enter the URL instead.

Here is an example Phishing email that was recently sent to some FGCU staff and faculty. Thanks to everyone that reported this to us!
1

This is a classic example of a Phishing email. Note that it's requesting your account information, isn't directly addressing anyone, has a bad return address, and is threatening that your Webmail will be revoked permanently if you don't comply.

If you ever have a question on whether or not an email or website is fake you can always call the Help Desk at 590-1188 and we can help you out. Remember to always keep your Operating System updated, and make sure you have updated Anti-Virus and updated Anti-Spyware software installed.