Be aware that sophisticated phishing and scam email attacks are on the rise. In some cases, the fraudulent emails appear to be legitimate. These attacks are persistent, so continue to be vigilant and be aware of who you are responding to, especially if the message appears awkward. Below are some tips to keep in mind before responding to email.


  1. Don’t trust the display name in an email message.
     Glance at the sender’s email address. It is easy to change a display name, so look closely at the email address of the sender. Look for slight variations in the address. 
  2. Look at the salutation.
     Most legitimate companies will personally address their email recipients, so if it is addressed to ‘Valued Customer’, beware.
  3. Don’t believe everything you see.
     It is easy to get a digital image of a logo from a website and put it in an email to make it look legitimate. If the message doesn’t seem right, it probably isn’t.
  4. Check for spelling mistakes.
     Legitimate messages usually do not have major spelling mistakes or poor grammar. 
  5. Urgent requests are a warning sign of a phishing attack.
     Your account, most likely, will not expire in 48 hours if you don’t respond.
  6. Look for an email signature.
     Most senders provide details about who they are and their position, so lack of that information suggests phishing.
  7. Look but don’t click.
     Hover your mouse over any links in the body of the email. If the link looks weird, don’t click on it. 
  8. Don’t give up personal information.
     Legitimate Princeton emails will never ask for or ask you to confirm your account information, password, address, or personal information.
  9. Don’t click on attachments.
     Attachments can contain viruses or malware, so don’t open any attachments that you were not expecting.


If you think you have received a phishing email, you can do the following:

  1. Visit the OIT Phish Bowl and scan the list of recent phishing alerts. If the email is posted, there is no need to report it.
  2. If the suspicious email is not posted to the Phish Bowl, delete any attachments and report it by forwarding to:
  3. If you responded by giving out personal information or your password, report it to the OIT helpdesk (8-HELP) or to, so that we can help you reset your accounts and protect your digital identity.
  4. Delete these suspicious messages.