Phishing & Suspicious Email

What is Phishing?

Phishing is an online attempt to gain sensitive information (login info, credit card details, money, etc.) by pretending to be a trustworthy entity.

Spear Phishing is phishing that is targeted toward a specific individual or organization. Criminals are targeting you and other members of the SRU community with phishing schemes to trick you into revealing your personal information and SRU password. They are hoping to gain access to your personal and financial information, as well as sensitive university information and access to SRU resources.

Learn to Spot Phishing attempts

Malicious emails typically:

  • Use urgent language and may ask you to validate, verify or update your account.
  • Ask for personal information such as passwords, bank account numbers, user names and/or credit card numbers.
  • May have grammatical, typographical, or other obvious errors.

Learn to recognize Phishy links:

  • With your mouse, hover over the link to see the actual address where the link is directing you.
  • Note the entire URL. Criminals may use pieces of legitimate URLs but not the exact thing.

How good are you at catching a Phish?  Take this Phishing Quiz

Phishing Examples: What to Watch For

If you are questioning whether an email or web page is fraudulent, remember these two points:

  • SRU will never ask you to validate your account or provide your password in an email.
  • Compare examples of a fraudulent email and an email SRU actually sends to people.

This Email is a Fraud

Clues that indicate this email is fraudulent:

  • It directs you to a non-SRU website. With your mouse, hover over the link to see the actual address where the link is directing you. In this case, the URL that the link goes to is an offsite location. Do not click the link if it looks wrong to you.
  • It asks you to update your account or it will become inactive. SRU will never ask you to validate or verify your account. SRU accounts only become inactive when you leave the University and are no longer eligible for an account OR your account has been reported as compromised and disabled. Learn more about Compromised Accounts.
  • The "From" address is fake. Although it says, "Slippery Rock University of Pennsylvania", the actual email lists someone at "" as the sender. Beware, because criminals can forge the "From" addresses to look real.
Example email appearing to be from a university domain and with a university copyright. However the link within the body of the email is a fraudulent site".

This Email is Safe

Clues that indicate this email is safe:

  • It does not ask you to verify or validate anything.
  • When you hover over the link, it directs you to our SRU web page.
  • It does not ask you to click on a link to change your password.
Example email from a university domain containing a legitimate university link"

If You Suspect a Phish

You can report suspicious emails:

  • Phishes that appear to impersonate an SRU address or service. Phishing attempts will often impersonate SRU communications. If a phish contains an SRU email address, SRU logo or branding element, is addressed to students, faculty, and/or staff, or uses other key words targeting our SRU community, please report it. Send the entire message with full email headers to

Key Points to Remember

  • Use caution with emails asking you for personal information.
  • Be suspicious of any request for personal information.
  • Verify that the request is legitimate before you provide any information.
  • Do not send personal information via email.

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious web page, your account may be compromised.

  • Change your SRU password and follow the instructions under "Compromised Accounts". Do NOT set your password back to something you have used previously.
  • Carefully review any online account that may be vulnerable as a result of responding to the message.

Recent Scam Alerts