Learn to Identify Phishing Emails

Learn to Identify Phishing Emails

  • Phishing is a form of fraud in which the attacker tries to learn personal or financial information using social engineering.
  • There are two types: (1) Credential theft, (2) Download of malware.
  • Messages claiming to be from legitimate sources.
  • Criminals are getting really good at creating legit-looking messages to trick people into performing actions or divulging confidential information.
  • Identity Theft
  • Malware infections
  • Loss of personal data
  • Compromised institutional information
  • Putting friends and family at risk
  • Financial loss
  • Threats/Ultimatum
  • Incorrect Web addresses
  • No signature or contact information
  • Too-good-to-be-true offer
  • Spelling, punctuation, or grammatical errors
  • Attention-grabbing titles

Below is an example of a suspicious email containing spelling errors, suspicious links, threats to the reader and is written by a popular company.

A suspicious email targeting Teachers College.


From mail clients obscuring email addresses to advanced spoofing techniques, it is often difficult to determine if an email is legitimate or not. The TCIT security team has created a flowchart to help determine whether or not a “job opportunity email” is legitimate. We’ve also included an explanation for why each question was asked so you can learn to distinguish scams from legitimate opportunities in the future.


If something seems too good to be true, it probably is. Contact the ServiceDesk to verify if an email is a scam or not.


  • Avoid opening suspicious email attachments and following links sent in emails.
  • Be mindful of emails that just don't sound right.
  • When in doubt about the authenticity of an email, contact the sender vis PHONE (Do not email the sender).
  • Forward any suspicious emails to the service desk:
Back to skip to quick links