Email Phishing and Spam

Technology Services encourages all members of the campus community to beware of illegitimate phishing emails designed to deceive you into sharing your credentials and other sensitive information. Remember: Technology Services will NEVER send you an email asking for your password or requesting that you “re-validate” or “update” your profile by clicking on a link in a message. 

Ways to Recognize a Phishing Message
Spam Messages Versus Phishing
How to Report a Phishing Message
Examples of Phishing Attempts

Ways to Recognize a Phishing Message

Many phishing email messages are poorly constructed, making them obviously suspect, but others may appear on the surface to be from a legitimate Puget Sound email address or external service (e.g. Microsoft, Google, Dropbox, Wells Fargo). You should always avoid clicking on links or opening attachments in email messages from unknown or suspicious sources. Be especially careful when checking email on a mobile device as many telltale signs are difficult to detect. 

Common signs an email may be phishing:

  • Comes from an unrecognized email address outside the * domain
  • Contains threats like shutting off a service or exposing information
  • Asks you to click a link for verification or upgrade
  • Links to a shared document you are not expecting
  • Hyperlinked text or buttons lead to an unfamiliar website (hover over linked text to show URL path)
  • Contains attachments with unusual file extensions
  • Sense of urgency
  • Demands payment via Bitcoin
  • Impersonates third party applications not used by the university
  • Reply-to email address does not match sending address
  • Sent outside normal business hours
  • Bad spelling or grammar
  • Display name does not match email address

Spam Messages Versus Phishing

While both spam and phishing result in receiving unwanted messages, spam is not malignant while phishing actively targets the recipient with the goal of stealing login credentials or sensitive data. Spam messages are typically unsolicited commercial emails. There is no need to report spam email messages to Technology Services unless you think it may be malicious. To handle spam emails, you can block the sender if desired then simply delete the email. 

  • In Outlook on Windows: right-click on the email, hover over "Junk" then click Block Sender.
  • In Outlook on Mac: right-click (Control + Click) on the email, hover over "Junk Mail" then click Mark as Junk and/or Block Sender
  • In Webmail (Outlook Web Access): right-click on the email, then click Mark as Junk. 

How to Report a Phishing Message

If you think you may have fallen for a phishing scam, please contact the Technology Service Desk immediately at 253.879.8585. Aside from changing your password, there are other steps needed to mitigate the risk of a compromised account.

If you are reporting a phishing email or have a question about the validity of an unexpected email message, you can simply forward the email to If you are able to send the email as an attachment for us to better investigate, please use the directions below. 

  • In Outlook on Windows: select the email, click More, then click Forward as Attachment

  • In Outlook on Mac: select the email, then click Attachment

Examples of Phishing Attempts

Check out  The Phish Tank on the Puget Sound Information Security blog for examples of recent phishing emails that have gone to campus members. Each example will have a breakdown with tips on how you can spot it. 

The Phish Tank

Learn more about the telltale signs of a phishing email with real examples!