What is Phishing?

Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email. The goal is typically to steal login credentials, money, or sensitive data. Phishing is not only a risk to the university, but it is also a risk to you personally. Please review this page to learn how to avoid falling victim to phishing attacks!

How Can You Identify Phishing?

Here are some ways to identify phishing in general:

  • Who actually sent the message? Did it come from someone you know? It's not unusual to receive a message from a first-time or infrequent sender, but it can be a sign of phishing. Sometimes phishing messages claim to come from someone you know, but the messages are actually sent by an address that does not belong to the individual, so always examine the sender address. Sometimes phishing messages claim to be from an organization, but the sender's address does not match the organization's email domain.
  • Does it contain urgent or emotionally appealing language? It is common for phishing messages to request immediate action, so that you might respond without thinking or asking others for advice. A common trick of phishing attacks is to offer a reward or the avoidance of a penalty.
  • Are there links or attachments? You should not open links or attachments in a suspicious message. If the message contains a link, look at the address that underlies the link (hover your mouse over the link, but do not click it). Does the domain of the link look suspicious or does it match the sender's claims (for example, a link that points to jmu.edu.scammer.com is not a JMU link)? Be suspcious of shortened URLs that cannot be verified to the sender (for example, tinyurl.com or bit.ly links). Similarly, watch out for QR codes, because the underlying links can be difficulty to determine. Also, one final tip: if you find it difficult to examine the links on your mobile device, try viewing the email on your computer.

JMU occasionally conducts phishing educational campaigns. If you'd like to see messages from a recent campaign to help you learn how to identify phishing messages, click here to skip to the image gallery below.

What to Do If You Are Phished?

If you click on a phishing message, you should immediately do the following:

  • Forward the message as an attachment to abuse@jmu.edu
  • If you provided credentials, change your password
  • Contact the IT Help Desk; a phone call is the fastest method
Where Can I Learn More?
Images from the November 14, 2023 Phishing Education Campaign

Below are images of each of the three messages from the November 14, 2023 phishing education campaign. Please click an image below to see notated ways you might have identified the message as phishing.  

Back to Top