Phishing scams may seem to come from a trusted source but trick you into giving up private information or taking risky actions.
Even with Cornell's security measures, YOU are still the best defense against phishing emails.
Think before you click—Quick steps
We all get phishing scam e-mails. Cornell and Microsoft try their best to block what they can, whilst still allowing legitimate e-mails into our Inboxes. But what can we do on our end?
1. Recognize
Verify the sender is who you think it is.
In Outlook, you need to hover over the name to see the email address. One of the most common tricks scammers use is to attach a real person's name to a fraudulent email address.
Get more help to recognize >>
2. Rethink
If you can't verify the sender, do not click at all. Never open links or attachments from untrusted or unexpected sources.
Watch out for emails targeted to stir your emotions. Criminals try to knock you off balance with threats, a false sense of urgency, or a deal that's too good to be true.
How: If the email refers to a known website, type that website address into a new browser window instead and check for information there.
Get more help to rethink >>
3. Report
Suspect it's a phish? Send the alert.
How: Use the built-in PhishAlarm button in Outlook, or forward the e-mail to itsecurity@cornell.edu and cc wsbnit@cornell.edu to report it.
Get more help to report >>
URL for Service or System
Related information
Who can use this service/system?
All CCE
Training Resources
Handouts:
Trainings: