Learn to spot a phishing message with a few common examples.

This is not a comprehensive list, but these are some of the most common phishing attacks. 

If you receive any messages like this, report them using the Phish Alert Button.

Email addresses and names have been redacted to protect the privacy of the recipient. In addition, harmful websites and phone numbers have been redacted. 

Internship Scam

Screenshot of a phishing message regarding an internshipHow do we know this is a phishing message?

The first red flag is the address that you are asked to respond to an @outlook.com address from your personal email. Authentic internship offers will come from an email address that is not from a free provider such as Gmail, Outlook.com, Yahoo, etc. Asking you to respond from a personal email instead of a school email doesn't make sense. 

In addition, this offer seems too good to be true. If there is a promise of high pay for little to no work, it is too good to be true. 

Fake Invoice Scam

Screenshot showing a phishing message with a fake invoice How do we know this is a phishing message?

If you receive any unsolicited messages informing you of an order that has been placed, it is probably a phishing attempt. 

The first step is to check your credit card and bank accounts to ensure that no fraudulent charges have been made. If you see anything suspicious, call your bank to report the charges. 

Next, further examine the message. In this example, the address shown at the top is a gmail.com address. Any reputable online service will send the message from an email address at their own domain. We also see no information about what company is sending this message. A real order notification will include branding for the company that sent it. 

In this example, there aren't many details about what service or product we have supposedly been charged for. At the bottom of the message, we see a phone number to call. 

This scam counts on you calling that number to ask for the order to be canceled. During the call, the scammers will attempt to get information from you to steal your identity. 

Storage space almost full

Screenshot of a phishing message warning about full storage space.How do we know this is a phishing message?

First, the from address at the top appears to be a real Microsoft address. In reality, the address is account-microsoft365.com. Microsoft would use microsoft.com or office.com.

Next, the MICROSOFT 365 ADMIN text is not how Microsoft would start a message. We would see the Microsoft or the Office logo. (Note that even a fake message could include these logos.)

The last paragraph is trying to scare you into requesting more storage space. According to this message, if you do not add additional storage, you will not receive any new email messages. 

The URL we are asked to visit appears to be real. microsoftonline.com is a domain that Microsoft uses for Office 365 services. However, if we hover over the link, we see that it takes us to a malicious website. This URL will most likely try to steal your Microsoft account credentials. 

A malicious URL disguised as a real Microsoft URL


Account deactivation

Screenshot of a phishing message stating that your email account is being transitioned to a new systemHow do we know this is a phishing message?

The from address at the top is shown to be an iup.edu address. However, this message came from an IUP account that was compromised. In this case, the from address is not enough to determine if it is a phishing message. 

The message asks you to go to a forms.gle link. This is a Google Forms link that will most likely ask you for your email credentials. 

The last paragraph states that failure to follow those instructions will result in deactivation of your email. Here the scammers are adding a sense of urgency, hoping that you will ignore the warning signs and click the link out of fear that you will lose access to your email account. 

Messages from impostors

Screenshot of a phishing message with an urgent requestHow do we know this is a phishing message?

This message was addressed to an officer in a student organization, supposedly from the president of that organization. The president usually contacts the officer through IUP email addresses. This message was sent from a gmail.com address. 

If you receive a message like this, make sure that you recognize the address that it came from. 

The biggest red flag in this message is the “urgent request.” Regarding phishing, the more urgent the message, the more suspicious you must be. 

Also, notice that the message asks for a response via email instead of a phone call. Wouldn't a phone call be faster than an email? This was said to prevent the officer from calling the president via phone and ruining the scam.