

How to Recognize a Phishing Email

Phishing is an attempt by criminals to trick individuals into giving away sensitive information such as login credentials. Once that information is given away, the attacker can potentially gain access to MCW electronic protected information or your personal financial information. The Medical College of Wisconsin utilizes the leading email filtering and protection service on the market today. No system, however, including ours, will capture 100% of harmful or unwanted messages. You must remain vigilant while managing your email.

Typically, phishing emails play on your emotions by using urgent language and usually contain grammatical, typographical, or other obvious errors. Common phishing emails include warnings about your mailbox being full, shipping notices from online retailers, fake warnings from a bank, or a request to unlock your account by providing your username and password. The best defense against phishing is knowing how to identify a phishing email or website.

  1. Don't trust the display name. Check the email address in the header to verify the sender. If it looks suspicious, don't open the email.
  2. Beware urgent or threatening language in the subject line. Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your "account has been suspended" or your account had an "unauthorized login attempt."
  3. Review the signature. Lack of details about the sender or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
  4. Check for spelling mistakes. Brands are pretty serious about email. Legitimate messages usually do not contain major spelling or grammar mistakes. Read your emails carefully!
  5. Do not open email attachments that you are not expecting or are from unknown senders. Filenames can be faked. For example, what appears to be a picture file can actually be malware that will install on your computer.
  6. Never give away your personal information. You should never send your username and password through email. This is also true of your Social Security number, bank account information, or credit card information.
  7. Be wary of links in email. Although the link may appear legitimate, clicking a link in an email could introduce a virus, result in lost data, or lead to identity theft. When in doubt, go directly to the website rather than clicking or copy-and-pasting the link.

Legitimate MCW Information Services Notifications

It is important that you know what legitimate email notifications from MCW-IS look like to make it easier for you to tell the difference between a real notification and a phishing attack. The most common phishing email is a request to unlock your account by clicking a link and then providing your username and password. 

When your MCW account password is going to expire, the system automatically generates an email advising you of this impending expiration. You begin to receive these emails 14 days prior to your password expiring. We have posted this email on InfoScope so you can become familiar with its style and format.

Test Your Detection Skills
Test your detection skills by taking these phishing quizzes:

Think you can outsmart internet scammers?
Phishing IQ Test