Skip to content
  • CSUMB Home
  • IT

How to Spot a PHISH

  1. The person that sent the email has the same name as someone at CSUMB, but the email address does not end in
  2. The URL shown on the email and the URL that displays when you hover over the link are different from one another.
  3. The website is not secure. If you do go ahead and click on the link of an email to fill out personal information, be sure you see the “https” abbreviation as well as the lock symbol at the beginning of the URL. If not, that means any data you submit is vulnerable to cybercriminals.
  4. The “From” address is an imitation of a legitimate address, especially from a business. For example, you could expect to receive campus email from but email from is likely a phish.
  5. The email, text, or voicemail is requesting that you update/fill in personal information. This is especially dubious if it’s coming from a bank or the IRS. Treat any communication asking for your credentials with extra caution.
  6. The formatting and design are different from what you usually receive from an organization. Maybe the logo looks pixelated or the buttons are different colors. Or possibly there are weird paragraph breaks or extra spaces between words. If the email appears sloppy, you should be suspicious.
  7. The content is badly written. Sure, there are plenty of wannabe writers working for legitimate organizations, but this email might seem particularly amateur. Are there obvious grammar errors? Is there awkward sentence structure, like perhaps it was written by a computer program or someone whose second language is English? Take a closer look.
  8. Speaking of content, a phishing email almost always sounds desperate. Whether they’re claiming that your account will be closed, an urgent request is needed, or your account has been compromised, think twice before double-clicking that link or downloading that attachment.
  9. The email contains attachments from unknown sources that you were not expecting. Don’t open them, plain and simple. They might contain malware that could infect your system.

If you think an email is a phish, report it to Google. If you think that you’ve been phished, please contact the IT Help Desk at or by calling (831) 582-4357.

Improved name spoofing warnings in Gmail

CSUMB's Gmail service will display a warning message when an email message from outside has the same sender's name as a CSUMB user.

Information Technology

(831) 582-4357