How Do I Identify Suspicious Emails & What Do I Do With Them?

Question

Answer

All faculty, staff and students should follow these steps when they receive a suspicious or unusual email.

TECH TIP: If an email looks suspicious or if you don’t recognize the sender, please report it to IT Security by using the “Report” button in Outlook or forwarding it to phishing@uncw.edu. Remember, do not click on any links or open any attachments from the email.  

 

Identifying a Suspicious Email
 

  1. Do you trust the person the email was sent from?
  2. Does the email include an attachment? If the answer is "Yes," proceed with caution. ask yourself a few key questions before deciding whether to open the attachment.
    • If you think the attachment is suspicious, then report the email to IT Security.
    • Were you expecting an attachment associated with the email?
    • Does the attachment align with the sender's job responsibilities?
    • Hover over the attachment & inspect the file type.
      • Common file types: .pdf, .txt, .docx, .csv, .pptx, .vsdx
      • Concerning file types: .exe, .zip, .html, .iso
      • If you are unfamiliar with the file type or attachment or are unsure, report the email to IT Security.
    • Is the attachment password protected? Is this expected? Threat actors often use password-protected attachments to bypass security tools. Follow these guidelines:
      • Any unexpected email with a password-protected attachment should be treated as suspicious. Report the email to IT Security.
      • If an email includes a password-protected attachment and provides the password in the message, treat it as suspicious and report the email to IT Security.
        Note: Some official university messages may instruct you to derive a password using known information, but legitimate emails should not include the actual password in the message. 
  3. Does the email have grammar/spelling errors?
  4. Do not click on any links in an email you think may be suspicious.
    1.  Instead, report the email to IT Security.


Reporting A Suspicious Email 
 

Use the "Report" Button In Outlook
 

  1. On both Mac and PC, you can find the “Report” button in your toolbar. The icon is represented by an exclamation point inside a shield.

    The Report icon is represented by an exclamation point inside a shield.
     
  2. Click on the "Report" button and/or use the down arrow to select "Report Phishing". 
     
  3. On both Mac and PC, a warning message will appear before you report the email. After reporting, a confirmation box will display. Below are examples from each system.

    Report Phishing confirmation message from Outlook on a PC - Thanks for reporting
    Report Phishing confirmation message from Outlook on a Mac - Thank you for reporting suspicious emails to TAC.
     

Send it to phishing@uncw.edu
 

  1. If you think you have received a suspicious email, forward the email to phishing@uncw.edu.
     
  2. Once it is forwarded, delete the email.
  3. After forwarding the suspicious email, you should receive a confirmation email from phishing@uncw.edu.

*Please note: If you did not receive a confirmation email, please know that your submission was received successfully. We are aware that some users are not receiving confirmation emails, and are working with Microsoft to ensure future confirmations are delivered reliably.


After Reporting a Suspicious Email
 

  1. IT Security will investigate and take appropriate remediation actions as situations dictate.
     
  2. If needed, IT security may reach out to you directly with next steps. 
 

If you need further assistance, please send an email to phishing@uncw.edu or CHAT with TAC.

100% helpful - 4 reviews
Print Article