Spot Fraudulent Emails (Phishing)
Confirm the source
- Some phishes (fraudulent email) targeting Cornell are listed at the IT@Cornell Phish Bowl.
- Some trusted emails from departments are listed at Verified Cornell Communications.
- If the request appears to be from a Cornell department, contact the department with information you find when you look up its number at Search Cornell.
- If the email isn’t listed at Verified Cornell Communications, and you don’t get a timely response from the department, contact the IT Service Desk for help.
- If it appears to be from a service outside Cornell, such as your bank, PayPal, eBay, or a credit card service, look up their contact information using a trusted source (the 800 number on the back of your credit card or by searching for the service’s official website at a trusted search engine).
Report suspected phishes to the IT Security Office. Be sure to include the entire text of the message and email headers. Use the Phish Bowl to see some phishing (fake) emails that have been spotted at Cornell.
Video: Email Phishing 101
Remote teaching and work scams
As Cornell has transitioned to remote teaching and working during the COVID-19 pandemic, online scams have changed to try and take advantage of the situation.
Attackers have sent phishing emails masquerading as Human Resources or Payroll offices. These phishes contain fake links to nonexistent Zoom meetings. Their ultimate goal is to steal your username and password via a fake Zoom login.
Log in to Zoom using official links:
- https://zoom.us/signin - Cornell community members should use the "Sign in with SSO" option. On the next page, enter in "cornell" for the domain and click continue.
- https://cornell.zoom.us/ - Click Login from the upper right corner. You may be prompted to log in with your Cornell NetID credentials, otherwise you will be automatically logged in.
As criminals gain access to more information about people, Internet fraud attempts become more sophisticated and narrowly targeted.
Gift card scams are becoming more common. Do not buy gift cards without first validating the purchase with your supervisor over a phone or video call.
Messages claiming to be from a Cornell office or official, requesting personal information and passwords.
Invitations to see photos of family or friends, greeting cards, or pleas for disaster relief assistance.
- Bogus URLs may link to imitations of legitimate, popular websites, such as eBay, Amazon, or personal banking sites. Cornell’s CUWebLogin page has even been mimicked.
Obvious clues that MAY indicate an email is a scam
It's poorly written. It may be written with ALL CAPS, have spelling and grammar errors, or it may seem fragmented.
It asks you to send personal information (Social Security, credit card, bank account, or phone numbers, passwords, date of birth, address, etc.).
It tries to scare you into reacting by creating a sense of urgency with exclamation points, words like “immediately,” or threatening to close an account.
It offers something that's too good to be true.
It has a From address that doesn’t make sense or doesn't match the domain where it really came from.
- It requests money for disaster relief or another cause.
Hover over URLs before you click
Don’t assume that what you see is where you’ll go when you click.
In many browsers and email programs, hovering over a link (without clicking) lets you see the ACTUAL URL for the link. If the underlying link is different, be very cautious. As an example, hover over the link below and look for the real link to display in your browser (often in the bottom left corner):
Also be cautious of any link that doesn’t clearly indicate where it leads, like links that say (hover over these to see what's hidden beneath):
Watch out for forged email addresses
Email links are easy to check. See how to read web addresses (URLs in email and online).
From addresses in emails are more complicated to check, but they are very EASY to fake. Anybody can make a From address look like it came from someone you trust, like email@example.com, so if you don't feel confident after checking email links, see how to check email headers.