Perhaps email safety didn't make the cut for your official New Year's resolutions list—but you might change your mind once you see how things can go awry in this series of Think Before You Click videos.
Think Before You Click—Quick Steps
Phishing emails are scams that seem to come from a trusted source but trick you into giving up private information or taking risky actions.
Anytime you receive an email encouraging you to take action, take a moment to Recognize, Rethink, and Report.
1. Recognize
Verify the sender is who you think it is.
How: Double-click or tap the sender's name at the top of the email to view the real email address. (In Gmail, hover without clicking.)
Description of the video:
A cartoon wolf wearing a sheep costume sits at an opened laptop with a paw print logo. He types out an email and then clicks the mouse to send.
[ Music ]
A cartoon sheep, sitting at a laptop with a hoof logo, receives the email. Their eyes open wide.
Message on screen. From: kountysheepmanager@woods.net. Subject: Special Sheep Dinner!! Dear Mr. Lamb, You are invited to a Special Sheep Dinner this evening. Click Here to RSVP. Sincerely, Kounty Sheep Manager.
The sheep studies the message, and then moves the cursor across the screen toward the RSVP link.
>> Hold on there.
Think before you click.
One good way to recognize a phish or a malicious email is to verify the sender.
Double-click on the sender's name to see the real email address.
If using Gmail, move your mouse over the text, but don't click.
If using a mobile device, tap instead.
If the revealed email address isn't what you expected for that sender, beware it could be a phish.
This email is definitely a phish.
So ask yourself did you expect an email from this person or group?
Is the sender's actual email address legitimate, including the full domain after the @ sign?
If you can't verify the sender, do not click any links or take any requested action.
Instead, look carefully at the email.
If it appears suspicious, report it.
There are even more ways to recognize a wolf in sheep's clothing, but checking the sender's real address is a good step.
The wolf holds the laptop with the words Wolfrid's Yummy Sheep Recipes on the screen. He is surrounded by three frowning sheep.
Find more tips to recognize, rethink, and report on phishing.iu.edu (phishing dot I U dot E D U).
[ Sheep bleating ]
2. Rethink
If you can't verify the sender, do not click at all.
How: If the email refers to a known website, type that website address into a new browser window instead and check for information there.
Description of the video:
[ Music ]
A cartoon wolf in a sheep costume sits behind a laptop with a glowing paw print symbol on the top. The wolf types out an email and then clicks the mouse button to send.
A chicken sits behind a laptop with a glowing chicken foot symbol on the top. It cocks its head and reads an email. Janice@henagram.com. Eggciting Deals Offer!!! Dear Ms. Henrietta, Your friends on Henagram invite you to join them for a special discount offer for season basketball tickets. Claim your Henagram ticket discount now! Sincerely, Janice. The chicken is about to click on the link to claim tickets.
>> Hold on.
I would rethink this one.
If you have not verified the sender, do not click on links in emails at all.
If the email refers to a known website, type that website address into a new browser window instead to verify its authenticity.
The chicken opens a Cackle browser window and types henagram.com. Then, clicks on Discount Deals for basketball tickets. A pop up window: No discounts available at this time.
Even for trusted contacts and emails, it's a good idea to hover over the link first without clicking on it.
This should reveal a small popup with the actual destination URL.
Only click if you trust that revealed URL completely.
Hovering over the link in the email reveals bigbadwolfrid.com.
This email is definitely a phish.
So, think before you click.
There are even more ways to recognize a wolf in sheep's clothing, but not clicking any links from unknown senders is a good step.
The wolf in the sheep costume holds the laptop which is open to a page titled Wolfrid's Yummy Chicken Recipes. A sheep glares at him, as chickens blink their eyes in disbelief.
Find more tips to recognize, rethink, and report on phishing.iu.edu (phishing dot I U dot E D U).
[ Music ]
3. Report
Suspect it's a phish? Send the alert.
How: Contact your campus UITS Support Center for help on how to report it.
Description of the video:
Animation of a Wolf wearing a sheep costume. The wolf sits at an opened laptop with a paw print logo. He clicks the mouse and laughs.
[ Music ]
A pig, sitting at a laptop with a hoof logo, receives the email. Their eyes open wide.
Message on screen. From: eugene@pork barrel grants dot com. Subject: BRING HOME THE BACON!!!. Dear Student, Feeling stuck in the mud for money to get through school? If so, come to the hog trough to claim your guaranteed one-time grant award! Just use your University login (underlined) to get started. Sincerely, Eugene.
>> Good call.
The cursor moves over the message and stops at the underlined phrase: "Just use your University login." The sender ID, "login dot big bad wolf dot com" pops up.
This email looks suspicious.
The pig uses a cell phone to call the U I T S Support Center.
If a suspected phishing email targets IU in any way, you can contact the UITS support center for help on how to report it.
They will help you get the alert to IU's university information policy office, which can then evaluate the thread and minimize risk for the rest of the IU community.
Outlook users at IU can also get a one-click reporting tool that takes care of reporting the phish to the policy office for you.
At the upper right corner of the pig's screen, a square tile with a fish icon and question mark, and the words, Report Phishing. The pig clicks the icon and it turns red. Download Phishme Reporter at i u ware dot i u dot e d u.
To download this tool, search for PhishMe Reporter on iuware.iu.edu.
And to learn more ways to report, visit phishing.iu.edu/report. phishing dot i u dot e d u forward slash report.
While there are several ways to report a suspected phish, contacting UITS support center is a great way to get started.
And if you do accidentally click on a suspected phish, contact the support center right away.
The pig clicks on the underlined phrase, then calls the support center. A collie (dog) wearing a U I T S Support Center tee-shirt answers the phone.
So, feel free to squeal.
Reporting a suspected phishing scam helps protect the entire IU community.
The wolf in a sheep's costume holds a laptop with the words: "Wolfred's Yummy Pig Recipes." He is surrounded by an angry pig, sheep, and chicken.
Find more tips to recognize, rethink and report on phishing.iu.edu (phishing dot i u dot e d u).
[ Music ]
The collie, standing on its hind legs, rushes in and towers over the wolf. He has his paws on his hips and a snarl on his face.
Learn more
Take your defenses to the next level with the resources at phishing.iu.edu:
The IT Security Basics mini-course can quickly help you and your students learn how to outsmart online scammers. Delivered via an engaging comics-based format, it teaches 10 simple and effective skills to stay safe online, plus it offers a certificate.
Want to help protect your community as well? Request a "Think Before You Click" workshop for your group or class.