Texas A&M University-San Antonio Logo
Menu

Office of Information Security (OIS)

pink tile
yellow tile

How to Self-Report a Phish?

How to detect phishes: Think FLUB-T

F is for  From: address

This is the most effective way for detecting phishes.  

Outlook on your desktop tells you when a message comes from within TAMUSA, and when it's coming in over the Internet.  If the email was sent internally, the "From" will just show the person's name e.g. "Lionel Cassin".  If the email came over the Internet, Outlook will show a name and an email address e.g. "Lionel Cassin <lionelcassin@hotmail.com>".  If the message is supposedly from a co-worker, but it's coming over the Internet, you should be very suspicious. 

Outlook on Android/iOS: Open the email and tap on the sender's name. Outlook will display the sender's email address.

L is for embedded Links

This is perhaps the weakest indicator, because so many emails today ask you to click on embedded links.  An important trick is to hover your cursor over the hyperlink and look at the destination URL in the lower left hand corner. Always think before you click!

U is for sense of Urgency

This is a classic tell. Any email that says you must do something in the next 24 hours or your account will be shut down is almost always a phish. Hustling the mark along has been an essential element of scams since the beginning of time.

B is for Bad English 

Look for odd capitalization, odd word choices, mangled sentences. It's not that the attacker doesn't know English - it's that they are re-arranging words to get around automated phishing filters.

T is for Too Good to be True

There are no jobs out there that pay you $500 a week to do occasional errands.

What do I do once I detect a phish?

  • Don't respond to the attacker.
  • From your Outlook toolbar, choose the Report Message button and select Phishing . This will both notify ITS and delete the message from your Inbox.
report-phishing-in-outlook
  • If you have a security concern or another IT related problem:
    • Go to JagWire > Employee Tab > Work Tools > ITS Helpdesk Portal
    ITS-helpdesk-portal-in-jagwire
    • Call or text the sender to a known good number, not the one listed on the phish, even if they tell you not too. The worst is that they won't answer the phone.
    • Send an email to the alleged sender's true +TAMUSA account+ and see what you get in reply.