Phishing and Malicious Email

What is phishing?

Phishing is an attack used by cyber criminals to trick you into giving up information or taking an action. They may be trying to get your username and password, click on a malicious link, open an infected attachment or respond to a scam. The email messages are designed to look like they are coming from someone or something you know such as a friend, TCU or a well-known agency.

Phishing and Malicious email Indicators

  1. Check the email addresses.
    • Is it coming from someone with a “@tcu.edu” email address?
    • Check the To and CC fields, is this email going to people you don’t know?
  2. Be suspicious of email addressed to “Dear Customer” or some other generic salutation or no salutation.
  3. Be suspicious of grammar or spelling mistakes.
  4. Be suspicious of any email that requires “immediate action” or creates a sense of urgency.
  5. Never click on links in emails. To find the true destination, put your mouse over the link.
    • If you follow a link you think is legitimate and it asks you for your username/password, don’t give it away, close the webpage.
  6. Be suspicious of attachments. Only open those which you are expecting even if you know the sender.
  7. Just because you got an email from your friend does not mean they sent it. Your friend’s computer or account may have been compromised.
  8. Be suspicious of emails with no contact information.
  9. Be suspicious of any message that sounds too good to be true.

Help TCU block phishing email. Forward any phishing email to phishing@tcu.edu

Reported Phishing Email Examples

Below are examples of Phishing emails reported to Security by TCU Faculty, Staff and Students. If you get a phishing email , please forward the email as an attachment to phishing@tcu.edu.

Phishing Example 1

irs phishing2

Phishing Example 2

expense phishing

Phishing Example 3

suspicious transaction phising