Identify Phishing Scams

Don't take the bait!

This page contains a number of resources to help you learn about the risks of email scams and to teach you how to recognize a scam email. Read on to learn how to foil the phisherman.

How do I identify phishing scams?

If you are unsure if an email is legitimate, ask yourself these questions before replying or clicking on a link. Always keep in mind that University administrators and IT Services personnel will never request your CNetID username or password by email. If an email claims to be from the University, IT Services, or the team and asks you to give out your private information, it is a scam.

Look at the Header

Look at the Content

Think about the Email's Purpose

Email is NOT a secure way to share sensitive information. Businesses should not ask you to send passwords, login names, Social Security Numbers, or other personal information through email. Be advised that IT Services will never request your password, nor will we ask you to change or "validate" your password at a website other than

Examples of phishing scams

Look at our sample list of email scams on our Examples page. Some scams also try to steal your personal information through ways other than email or online forms, such as by phone or fax. Remember that your bank representative will never request your private information online, by phone, or by fax.

More examples can be found at, a phishing email archive database that keeps track of many different phishing emails that are reported throughout the year.

Can I report phishing scams?

Yes. Please contact the ITS Security Team to report scams that purport to be a University service or if you are in doubt about the validity of an email. You may also report scams to the federal government which collects the information to build cases against any given attacker. To report a phishing scam to the federal government, forward the email to You can also report phishing scams to the Anti-Phishing Working Group, a volunteer organization committed to wiping out phishing scams.

Learn More

Visit for practical tips from the federal government and the IT industry to help you identify Internet fraud, secure your computer, and protect your personal information.


Visit the FTC's Identity Theft website to learn more about identity theft and how to deter, detect, and defend against it.


Carnegie Mellon University and Wombat Security Technologies have developed a fun, simple way to learn about fake URLs with an online interactive game. IT Services is not affiliated with the creation of this game or the ongoing research associated with it; however, we believe it is a good resource for anyone interested in protecting themselves from Internet crime.