Since the PhishAlarm feature was introduced earlier this year, more than 6,000 potential threats have been reported. This number is only expected to rise as generative AI is making it easier than ever for hackers to automate their scams and make their attempts look less suspicious. As members of the Cornell community in a digital world, it’s everyone’s responsibility to learn how to identify and defend themselves from phishing.

8 Signs the Email Might Be a Phishing Attempt

The more you know about what phishing emails have in common, the easier it will be to spot them. Here are some tips to help you evaluate a suspicious email: 

• Does it contain an offer that’s too good to be true?  
• Does it include language that’s urgent, alarming, or threatening?  
• Is it poorly crafted writing riddled with misspellings and bad grammar? 
• Is the greeting ambiguous or very generic?  
• Does it include requests to send personal information? 
• Does it stress an urgency to click on an unfamiliar hyperlinks or attachment? 
• Is it a strange or abrupt business request? 

• Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.

  -National Cybersecurity Alliance, Phishing

Reporting Phishing at Cornell

When you’re sure it’s phishing, report a suspicious email with PhishAlarm. 

When you’re not sure it’s phishing:

1. If the email appears to be an official communication from the university, check Verified Cornell Communications. 

2. Check the Phish Bowl. 

3. Consult with your IT support staff or the IT Service Desk. 

Reporting Phishing at Home

If you suspect that your personal email has been targeted by a phishing attempt, report it and block the sender. 

• Report a phish on Outlook. Block a sender on Outlook.
• Report a phish on Gmail.  Block a sender on Gmail.
• Report a phish on Mac Mail. Block a sender on Mac Mail.
• You can’t report phishing on Yahoo! Mail, but you can block a sender on Yahoo! Mail

Phishing Can Go Beyond Email

Have you ever received a text that claimed your address information was incorrect and package from USPS wouldn’t be delivered until you updated that information? Or how about a phone call that warned you that purchases had been made with your credit card at a big box retailer or online store? It’s an unfortunate fact that phishing has evolved beyond email. Scammers will phish in your text messages and phone calls, so it’s important to be wary whenever you receive an unexpected request for personal information or money.