Report a Phishing Scam
If you receive a suspicious or questionable email, try to verify its legitimacy. If you can’t verify the email or if you suspect that it’s a phishing scam, report it.
Step 1: Verify
You can attempt to verify an email’s content by contacting through a separate channel
- the IT support center
- the alleged sender of the email
- your unit’s IT Professional.
You can also verify information by comparing it to known legitimate sources such as official Web sites or publications. For example, major University of Delaware news is likely to be featured on UDaily, and email about a major event could be verified by finding a UDaily story corroborating the information.
Step 2: Report
If you can’t verify the email’s sender or information or if you suspect that it’s a phishing attempt, report it.
- Report a phishing scam for inclusion on this blog.
- Report a phishing scam to the FTC.
- Forward phishing emails to the company being impersonated.
When reporting a phishing scam, include the complete headers and, when possible, the original source text of the message. Most email readers do not display this information automatically. While viewing the alleged phishing scam, look for an option labelled something like the following:
- Full headers (Pine)
- Internet Headers (Outlook)
- Message Source (Thunderbird)
- Open (a link at the top of the screen while reading email using Mirapoint–UD WebMail)
- Raw source (MacOS X mail)
- Show original (gmail.com and googleapps.udel.edu)
- The IT Support Center offers these links for more information on finding the full headers of a message in several different email programs: