What does phishing email look like?

How can you tell a legitimate message from a phishing scam? Phishing messages often share these attributes:

  1. The body does not have your name in it. Most email from reputable sources will address you by name.
  2. They are sent to or sent from a nonsensical email address.
  3. They use poor language, grammar, and punctuation.

Remember: if it looks too good to be true—or if it looks utterly preposterous—it probably is.

Below are annotated examples of actual phishing messages received at UD. If you receive a message like one of these, delete it immediately.

This message looks like it comes from a UD email address, but note that the link you are asked to click is NOT a UD Web address. A UD address will always contain udel.edu (note the spelling and punctuation). In this example, the address contains udeledu.net, not udel.edu.

Even though this message claims it is not spam, note the tell-tale signs of a phishing scam.

No reputable organization will ever send you email asking you to provide private information via email.

This one is easy to spot as a phishing scam:

  • it does not come from a udel.edu email address,
  • it contains typos,
  • it contains grammatical errors and "non-fluent" English,
  • it refers to the UD community as customers, and
  • it asks for too much information.

No reputable organization will ever send you email asking you to provide private information via email.

At first glance, this appears to resemble a legitimate Apple message.

You can tell it's a phishing message because the order totals don't match, and it's not addressed to your email address specifically. 

You may also find our listing of current phishing scams useful.