Montana State University
IT Center Home > Tip of the Month: Phishing Is No Joke!

MSU IT Center

Renne Library Commons
P.O. Box 173240
Bozeman, MT 59717-3240
406-994-1777 |

Chief Information Officer

Jerry Sheehan

Chief Security Officer

Rich Shattuck

Tip of the Month: Phishing Is No Joke!

Security Tip of the Month graphic

What is Phishing?

Phishing scams are used by fraudsters and try to trick you into divulging your personal information such as usernames, passwords, credit card numbers or bank account information, or to trick you into clicking on malicious links. They often come in the form of emails and can appear to be from organizations with whom you have a legitimate business relationship.

How do I know if an email is legitimate?

Unfortunately it can be difficult if not impossible to know for sure if an email is legitimate simply by looking at it. Any emails requesting that you send them personal or account information such as a password is almost certainly a scam. No legitimate organization would request personal information through email, nor would any legitimate business ever ask you to provide your username and password over email. If there is any question about whether or not the email is legitimate you should contact the organization that appears to have sent the email.

If you ever receive an email claiming to be from MSU that asks you for your username and password, you should delete it immediately. If you receive an email from MSU that you weren't expecting and it asks you to open an email attachment or click on a URL, you should confirm that it is legitimate even if you know the individual that appears to have sent it .

What should I do if I receive an email that might be legitimate?

If you receive an email that you believe may be legitimate and you might need to act on, the only way to be sure you are not being taken advantage of is to close the email, ignoring all links, attachments or phone numbers included, and open your web browser to navigate to the website you know belongs to the organization and log in that way or call the phone number you know is theirs to speak with somebody. If you receive an email from MSU and you are not sure if it is legitimate, you can always contact the MSU Helpdesk at 994-1777 or and they will be able to help confirm whether it is a valid email or not.

What should I do if I receive a spam or phishing email?

If you receive a message that you know is phishing or spam, do not click on any links and delete it. If you wish to assist us with improving our filtering, please forward the message to along with the complete header. In Outlook, the complete header is viewable and can be copied from the "Options" tab - be sure to contact the Help Desk for assistance with obtaining message headers from your particular email client.

Gmail users

can perform the following steps to alert Google.

To report spam (an unsolicited junk email message)

Select the suspected message, then click the Report spam icon located in the tool bar above the message (see red arrow).

Report spam toolbar icon

To report phishing

  1. Click the down arrow located in the top right corner of message (see arrow 1).
  2. Click the Report phishing link (see arrow 2).

Report phishing link

  1. Click the Report Phishing Message button.

Report phishing fraud window

Help us prevent spam

Send the header information of suspected email messages to
To gather the header information

  1. Click the down arrow (as shown in step 1 above).
  2. Click the Show Original link.

In the window that opens copy all of the information that comes before the message text (down to the dotted lines that divide the sections). Paste this info into an email and send it to This will help us prevent other users from receiving similar emails.