Skip to main content

Cornell University

Fight Phishing with Safe Links

2024 Update: PhishAlarm, a new faster way to report suspicious email to the IT Security Office was made available on all Gmail web and Outlook web, desktop, and mobile interfaces.

This article applies to: National Cybersecurity Awareness Month

Phishing scams are more common now than ever before and have evolved well beyond the insincere pleas of imaginary displaced royalty hoping you’ll open a bank account for them. These days you may find that you receive a spoofed email, seemingly from your boss, asking you to purchase gift cards for them. Or you might find a too-good-to-be-true job offer unexpectedly land in your inbox.

Because phishing threats aren’t going anywhere anytime soon, and the results of falling for a scam can be dire, the university has taken steps to help protect you.

Cornell works to protect you from phishing.

If you’ve ever received a suspicious email, then you know how stressful it can be to determine if the message is a real request or an attempt to scam you. Fortunately, the university collects examples of phishing attempts in the Phish Bowl where you can search or browse reported emails positively identified as phishing attempts. Verified Cornell Communications are also available to help you confirm legitimate Cornell emails.

New to the lineup of tools and resources that protect you from phishing is Microsoft Safe Links. Malicious links sent to your Cornell University Microsoft Outlook mailbox, as well as links in other desktop, mobile, and web applications where you are signed in with your Cornell NetID, will be flagged by this security feature. Even if a web site becomes compromised after you’ve received an email, but before you’ve visited it, Safe Links will warn you if the link is risky.

How you can protect you from phishing.

The tools used by cyber criminals all have one major weakness: malicious downloads they hide inside links and requests for your personal information only work if you don’t know what to look for. Once you’ve familiarized yourself with phishing strategies, the easier it will be for you to spot them in your inbox. The National Cybersecurity Alliance has a quick breakdown of the telltale signs of a Phishing attempt. And remember, it’s not just email. Any digital communication, including a phone call, text, or social media message, can be exploited by cybercriminals.

If you use Microsoft Outlook or Teams with your Cornell ID, you can get familiar with the Warning Pages from Safe Links that help you avoid clicking through to a malicious website.

New Phish Fighting Tool for Gmail and Outlook

PhishAlarm, a new faster way to report suspicious email to the IT Security Office, was made available on all Gmail web and Outlook web, desktop, and mobile interfaces.

The new button appears in different places, depending on your device and interface. Examples and additional details can be found on the PhishAlarm instructions page.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.