As criminals gain access to more information about people, Internet fraud attempts become more sophisticated and narrowly targeted.
Beware a false sense of safety. The lack of any of these signs does not guarantee that an email is legitimate!
Don’t assume that what you see is where you’ll go when you click.
In many browsers and email programs, hovering over a link (without clicking) lets you see the ACTUAL URL for the link. If the underlying link is different, be very cautious. As an example, hover over the link below and look for the real link to display in your browser (often in the bottom left corner):
Also be cautious of any link that doesn’t clearly indicate where it leads, like links that say (hover over these to see what's hidden beneath):
Email links are easy to check. See how to read web addresses (URLs in email and online).
From addresses in emails are more complicated to check, but they are very EASY to fake. Anybody can make their From address look like it came from someone you trust, like firstname.lastname@example.org, so if you don't feel confident after checking email links, see how to check email headers.
Some fraudulent emails targeting Cornell (phishes) are listed at IT@Cornell’s Phish Bowl.
Some trusted emails from departments are listed at the Verified Cornell Communications page.
Last updated 12/09/2014