Click Wisely


Be cautious of unexpected emails containing links, attachments or unusual requests.

Phishing is a type of social engineering attack in which the attacker impersonates someone else via email to trick you into revealing sensitive information, installing malware, or performing other actions that compromise security. Their goal is to steal your personal information or money. Harvard Information Security identifies and blocks millions of phish every week. Here are some strategies you can use for the ones that slip through.


How to report phishing emails

Forward phishing emails to: phishing@harvard.edu.

Quick reporting from savvy people at Harvard has saved others in the past

When we receive a suspected phishing email, we check it out to determine the risk. If it is a phishing attack, we may take any of the following steps:

  • Breaking dangerous links so they don't connect to unsafe webpages

  • Blocking malicious files from being delivered to inboxes in the future

  • Escalating the report to our security operations team to investigate compromised systems or accounts


How to Spot a Phishing Attempt


Phishing can come in many different forms, from obvious-to-spot frauds to sophisticated deceptions, but they share some common characteristics. Before you take action, consider if the message you are reading contains these attributes.

  1. Does this make me feel anxious and reactive?
  2. Am I being asked to do something new, or do something normal but in a new way?
  3. Will resolving this require providing a password, money, or data?
     


How to Read Website and Email Addresses

On the Internet, things are not always as they appear at first glance. Some links hide their true destination. Some email addresses are chosen to impersonate other senders. Careful reading of these addresses can help us spot the scams.

Revealing the Address

Desktops

Hover your pointer over a link without clicking. You will see the address pop up in a box at the bottom of the window or near your pointer, depending on your browser.

Mobile Devices

Press a link and hold it until the link appears in a pop-up box. In most cases, you will be given the option to follow the link, copy it, or open it in a new tab.

When you click a link, your browser connects to the link's address. Phishing attacks often use look-alike links to trick you. Legitimate partnerships may use the Harvard name in their links, but attackers can as well. Treat these links with caution. Misspellings should never be trusted.

Be wary of clicking links sent via email or text. Open a browser and directly type the legitimate address of the website you want to visit.
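The same "reveal the address" check can be run over an HTML message body. The following is an added example, not part of the original page: it lists each link's real destination host and flags visible text that shows a different address, or a host that uses the Harvard name outside harvard.edu. The `TRUSTED` setting, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "harvard.edu"  # assumption: the domain the reader expects to reach
SAMPLE = (  # constructed sample message body, not a real phishing email
    '<a href="https://key.harvard.edu/login">HarvardKey</a> '
    '<a href="https://harvard.edu.example.net/reset">https://key.harvard.edu/reset</a> '
    '<a href="https://harvard-benefits.example/form">Update your benefits</a>'
)

class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):  # hostname a browser would connect to, lowercased ('' if none)
    return (urlsplit(url.strip()).hostname or "").lower()

def is_under(host, domain):  # the domain itself or a real subdomain of it
    return host == domain or host.endswith("." + domain)

def review_links(html):
    """Return (visible text, destination host, findings) for each link."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    results = []
    for text, href in parser.links:
        host, findings = host_of(href), []
        if not is_under(host, TRUSTED):
            findings.append("outside " + TRUSTED)
            if "harvard" in host:
                findings.append("Harvard name in another domain")
        is_address = "." in text and " " not in text  # text itself looks like a URL
        shown = host_of(text if "://" in text else "//" + text) if is_address else ""
        if shown and shown != host:
            findings.append("visible text shows a different address")
        results.append((text, host, findings))
    return results
```
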

Verify the Sender


Look Closely at the Sender’s Email Address

Phishing emails often come from look-alike email addresses designed to impersonate friends and co-workers. By default, Outlook and Gmail only show the display name of the sender. To read the full email address, try the following:

Mobile device? Tap the sender’s name.

Computer? Hover the mouse over the sender’s name.

Imposters will use addresses that look like the real thing but are a bit off. If you aren't sure, contact the sender via text, phone, or a different, trusted email address to confirm the message's validity.


Check Without Clicking, Go to the Source


Services

If you receive an unexpected email about a lost package, security warning, or billing change, don’t click the link. Simply visit the online store or service the way you normally would. If there is really an issue, you’ll see a notification there.


People

If you receive an out-of-the-ordinary request or instruction from someone you know, make sure it’s really them. Call, text, or go face to face. Don’t email to confirm, as their email may be compromised without them knowing.


News/Entertainment

If someone sends you a link to the latest viral video or interesting bit of news, you can skip the link and use a search engine to find the content in a safer way.