How can I identify phishing?

It used to be the case that most compromises were highly technical in nature; hackers would send viruses or other inappropriate links for unsuspecting victims to download malicious software to their devices. Virus scanning software and operating system updates have largely mitigated this threat; instead hackers have turned to the next weakest link: the user. The majority of contemporary attacks now employ social engineering to get people to log in to fake websites, purchase gift cards or money orders, or otherwise steal personal information.

To spot phishing emails, look out for the following:

Unexpected messages making unexpected requests

Does this email or direct message come from an unfamiliar sender who claims to know you, or a friend who you have not spoken to in a long time? Does the list of recipients contain people you don’t know or talk to? This is particularly true if the message asks for money or personal information.

 An offer that’s “too good to be true”

It probably is, especially if important information like an employer’s address or a product’s shipping information is nowhere to be found.

Hyperlinks and sender emails appear to correspond to known domains and people, but something, sometimes a single letter, has been changed. This may require close examination; look for misspellings, dashes, or other deviations from what seems to be a legitimate domain.

 Valid name, but strange domain in email address

For example, UMBCPayroll@gmail .com, umbcpresident@yahoo .com, or financialaid413@hotmail .com

 An email requests your password, your credit card number, or other sensitive information

Email is never secure for sharing this type of information, and most trusted services should already have it. On sites which ask you to provide personal information like your credit card, look for “https” in the address bar to ensure the site is secure. UMBC will never request your password in an email.

 Request for a cell phone number

In many recent phishing messages, the hacker requests that you send them your cell phone number so that they can ask you a question.  Why would a legitimate person needing assistance not just ask you the question in the email message, rather than asking for your phone number?

 An urgent tone

If the sender says you must act now, uses fancy jargon or other intimidating language, ask yourself why.

Critically examine any email with an attachment, especially an unexpected one. If the link prompts you to “Sign In” to an account, be extra suspicious. Do not “Enable Macros” or allow similar permissions for attachments you do not trust.

 The timezone/send time of the message is unusual

For example, why would a member of the University community be sending a message with a time zone that is appropriate for eastern Europe?  Is it suspicious for a UMBC community member to send an email message at 3 am?

 Something “off”

Phishing emails often have an impersonal, awkward, unprofessional, or out-of-character tone. Many - but not all - phishing emails contain conspicuous typos, bizarre capitalization, strange grammar, or numbers used in place of letters.

If you have any questions about whether or not the mail you've gotten is legitimate, please contact the DoIT Security Department at