Detecting Phishing Emails

A phishing email is one that tries to trick you into revealing sensitive information. The name “phishing” is given because the attackers are “fishing” for information.

Sometimes these details can be used directly to cause harm or loss, like usernames and passwords, or credit card numbers.

Sometimes the harm is less obvious – revealing your name and address may not seem very significant, but together with other bits of information may allow identity theft. The most common use of a stolen identity is to apply for a loan, pretending to be the victim.

Remembering that reputable companies and organisations will never ask you to provide them with personal information by email.

How to detect phishing emails:

  1. They are unsolicited – you didn’t ask for the email, or you’re not expecting one from that sender.
  2. They don’t give any indication that they know who you are – there is no reference to personal information that the legitimate sender would know. e.g. ‘Dear You…’
  3. There is no contact information for the sender – legitimate messages will provide a way for the recipient to validate it (often by phone).
  4. Other people (your colleagues, friends, or acquaintances) have received similar emails. Phishing is often done in batches to groups of similar people.
  5. Often the message indicates prompt or urgent response is needed. e.g. “Verify your account now or it will be deleted.”
  6. the grammar or spelling is unusual or bad
  7. the logo’s , tag lines, etc don’t look correct
  8. For University email we are using SafeLinks technology from Microsoft to protect you by doing time-of-click verification (the risk can change dynamically so needs to be verified each time you click). These links are not human readable but you can check the link at by right-click, copying hyperlink and and pasting on the decoder.
  9. For non-University email or browsers you can check if the destination doesn’t match the link text. For example: [The link actually goes to]. Most email programs and web browsers will display the actual destination of a link in a popup box (hold the mouse over the link for a moment), or in the lower left corner of the screen.

What you can do:

  1. Critically evaluate any email that requires you to reveal personal information, paying particular attention to the warning signs listed above.
  2. Contact the sender to verify the request. Look up their contact details independently of the suspicious email (e.g. Using their corporate website or a phone directory).
  3. Get a second opinion about the validity of an email. Your colleagues and friends are a good source of help – in general over 99% of recipients are able to detect when an email is fraudulent. University of Otago staff and students are welcome to ask the ITS Service Desk ( for an evaluation.
  4. If you’re uncertain about responding, don’t respond. Ask someone else, or an IT professional for their opinion.

Any views or opinion represented in this site belong solely to the authors and do not necessarily represent those of the University of Otago. Any view or opinion represented in the comments are personal and are those of the respective commentator/contributor to this site.