Emails Demanding Urgent Action
Phishing emails often threaten negative consequences unless urgent action is taken.
- Do not send messages that urge users to take quick action
- Give users plenty of notice to respond so they have time to research the message
- Ensure your subject is meaningful and non-threatening
Emails with Bad Grammar and Spelling Mistakes
Many phishing messages include bad grammar and spelling mistakes.
- Run spellcheck and proofread messages for grammar before sending - beware of auto-correct
- Avoid using all CAPITAL LETTERS
Emails to groups
Emails to groups should use mail merge or distribution lists.
- Be cautious about sending to a list in the Bcc: field while using the sender's address as both the To: and From:
- Avoid sending to a long list of email addresses in the To: or Cc: field
Emails with an Unfamiliar Greeting or Salutation
Emails that start with “Dear” or contain phrases not normally used in informal conversation should arouse suspicion.
- Use appropriate greetings
- Use a real person’s name to sign a message
- Make sure the sender is listed in the campus directory with the same credentials
Inconsistencies in Email Addresses, Links, & Domain Names
Look for inconsistencies in sender name, email addresses, links, and domain names.
- Ensure the sender email address matches the individual signing the message
- Ensure the sender email address matches the domain the message was sent from
- Use SF State approved email servers to send messages and distribute documents
- Use Client Certificates to sign messages and improve authenticity
Email messages with attachments should always be treated suspiciously.
- Avoid using images in message signatures and images of signatures in messages
- Include key content in the message body
- Use campus servers such as Box at SF State to exchange documents
- Ensure public documents can be found using campus Google search
Emails Requesting Login Credentials, Payment Information, or Other Sensitive Information
Emails that request login credentials, payment information, or other sensitive information should always be treated with caution.
- Do not send messages requesting users send sensitive information via email
- Avoid sending messages that use "Click here" links that do not show the Web address
- Avoid using link shorteners (e.g., TinyURL) that hide the destination
Email messages that direct users to a login page
Phishing messages often direct users to click on a link that takes them to a fake login page that looks real.
- Use campus Single Sign-On for authentication
- Provide links on existing Web pages that users can search for or navigate to independently
- Confirm the URL (Web address) of the page the link takes you to begins with idp.sfsu.edu or login.microsoftonline.com before entering your SF State ID and Password
Too Good to Be True Emails
Too good to be true emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email is unfamiliar or the recipient did not initiate the contact, the likelihood is this is a phishing email.
- Avoid sending email that rewards bad behaviors – notify winners by another means
Check the message envelope
Email messages have a “hidden” message envelope called the message header. Send a test message and review the message header to see how the message travels from the sender to your recipient’s inbox. Contact IT support if you need assistance reviewing a header.
- Check the server that was used to send the message
- Check the account the message was sent from
- Check the software that was used to send the message
- Check the SPF status if the message came from off campus
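The four checks above can be run over the header of a test message with a short script. This is an added example, not an SF State tool; the sample header, host names, addresses and the review_header function are constructed for illustration, and the Return-Path, Received-SPF and X-Mailer fields are assumed to be present as they commonly are on delivered mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header: hosts, addresses and IPs are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.campus.example (mx.campus.example [192.0.2.10])
\tby inbox.campus.example with ESMTPS id abc123;
\tTue, 02 Jan 2024 10:00:05 -0800
Received-SPF: softfail (campus.example: domain of transitioning
\tbounce@mailer.example.net does not designate 198.51.100.7 as permitted sender)
Received: from bulk.mailer.example.net (bulk.mailer.example.net [198.51.100.7])
\tby mx.campus.example with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:03 -0800
From: "Campus Events" <events@campus.example>
To: staff@campus.example
Subject: Spring schedule
X-Mailer: ExampleBulkSender 4.2

Body text.
"""

def review_header(raw):
    """Summarise sending server, sending account, software and SPF result."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so the last one is the origin.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    origin = hops[-1].split(" by ")[0] if hops else None
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # A missing Received-SPF header is reported as "none".
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    mailer = msg.get("X-Mailer") or msg.get("User-Agent")
    findings = []
    if from_addr.rpartition("@")[2] != envelope.rpartition("@")[2]:
        findings.append("From domain differs from Return-Path domain")
    if spf != "pass":
        findings.append("SPF result is " + spf)
    return {"hops": hops, "origin": origin, "from": from_addr,
            "return_path": envelope, "spf": spf, "mailer": mailer,
            "findings": findings}

if __name__ == "__main__":
    for key, value in review_header(SAMPLE).items():
        print(f"{key}: {value}")
```

Findings here are prompts for review rather than verdicts: a legitimate bulk-mail service can produce both, which is the kind of result that makes a campus message look like phishing to recipients and filters.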
For more information
The Information Security team has introduced an ongoing Information Security Awareness program for faculty and staff. This program is designed to help employees protect their sensitive information and that belonging to others. The program combines monthly advisory messages with phishing training exercises. For more information please see: Information Security Awareness program for faculty and staff guide