Skip to main content

Cornell University

Cornell Email Addresses are Being Faked

How to identify spoofed email addresses

This article applies to: Faculty , IT Professionals , Security & Policy , Staff , Students

Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution:

  • Whenever the subject prompts you to act quickly (using words like important, please respond, or threatens to close an account).
  • If you aren't expecting something from the person.
  • With ALL links and attachments—never click or open them unless you're 100% sure they're legitimate.

Spoofed messages often direct people to malware sites. If you have any doubt about if the email is legitimate, confirm the source before you click.

How Spoofing Happens

It's possible to make any email look trustworthy because it's really, REALLY easy to fake the "from" address.

Anyone anywhere can set up an email server and make it look like mail being sent from it is coming from any email address they want, including yours. When spoofing occurs, it is happening on systems completely out of Cornell’s control.

Be On Guard

This means you must practice caution with all emails, no matter who they are from—family, groups you subscribe to, your friends, your boss, airlines, doctors, Cornell's president, etc.

Email spoofing is prevalent everywhere. At Cornell, scammers commonly use emails to spoof "from" addresses and increase the odds that you'll see a Cornell NetID, let your guard down, and then type your NetID password into a spoofed web page.

Why Spoofing Is Used

When someone steals a Cornellian's password, they're doing it to sign in and snoop around undetected on Cornell systems. They can steal any data the Cornellian has access to until you realize something is wrong.

Cornell's email team isn't seeing a pattern to whose addresses are being used to spoof—it seems random. They are taking steps to make it harder to spoof Cornell email addresses, but there is currently no reasonable way to entirely prevent this behavior. Community awareness is our best defense.

What You Can Do

Report immediately if you believe you were tricked into clicking a potentially dangerous link or attachment. Contact Cornell's IT Security Office at

If you think your Cornell NetID was compromised, immediately change your password, then contact the IT Security Office.

Watch Essentials to Avoid Online Scams, a 7-minute Cornell video, for how to spot fraudulent emails and outsmart scammers.



To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.