Skip to main content

Help! I received a suspicious email.

What should I do?

  1. Don't click on any links.  Clicking unsolicited links can be harmful to your computer or device.
  2. Don't open any attachments.  Attachments may contain viruses or malware that can damage your files, steal your passwords, or spy on you.
  3. Verify with the sender using another medium.  If there's a chance that the email may actually be legitimate, you can verify the authenticity of the email, but be sure to use another means of communication.  For example, you can verify emails from your bank or mortgage company by going to the company's official website and calling the customer service phone number that is posted there.
  4. Report the incident. Forward your suspicious emails to This will help us monitor and prevent reoccurring emails.


A real life example of an email with a spoofed sender address.

How to Identify a Phishing Email

Below are the steps that we take in the Technology Department to identify suspicious emails.  You can use these steps to improve your own ability to recognize malicious emails and prevent yourself from becoming a victim.

Be sure to check both the sender's display name and their email address.  Does the email address seem to make sense in relation to the display name?

  • Example: If John Smith from Bank of America emails you, he probably won't have an email address that looks like

The domain name is the part of the email address after the @ symbol.  It should typically match a legitimate website.  Look for slight variations in domain name.

  • Example: Target's website is "", not "".

Hover your mouse over the links in the email without clicking on anything.  Most email programs will display the link's destination of where the link will take you if you were to click it.  Does the destination match the link description?  If not, the email may be suspicious.

  • Example: The link reads "National Voter Assistance" but the link's destination is "".

Look for unnatural things that humans would be unlikely to write. Is the email addressed to your username instead of your actual name? Are there multiple recipients? Is the body of the email just a link to a website with lots of letters and numbers?

  • Example: "hello JSmith"
  • Example:
Read the email content and use common sense.  Would your bank request your account password?  Would the Department of Elections need you to confirm your vote via email?  Would a Nigerian king really need you to send him a money order?  If it doesn't logically make sense, the email is probably not legitimate.