Phishing scams are used by fraudsters to trick you into divulging your personal information such as usernames, passwords, credit card numbers or bank account information, or to trick you into clicking on malicious links. They often come in the form of emails and can appear to be from organizations with whom you have a legitimate business relationship.

Why is it so effective?

Phishing scams attempt to trick recipients into responding or clicking immediately by claiming that they will lose something, often an email or bank account. In many cases, faked (or “spoofed”) websites will appear nearly identical to the actual website. In other cases users are convinced that an email is legitimate because a specific group, such as MSU faculty/staff, is targeted in the email message. This is a very common technique referred to as “Spear Phishing”.

How do I avoid Phishing Scams?

First and foremost, remember that MSU will never EVER ask for a username or password via email, and neither will ANY reputable company. Be suspicious of any email message that asks for personal information, through a website or by replying to the message itself. If you think the message may be legitimate, browse directly to the company’s web site. Never reply to or click on links in a phishing message!

I received a Phishing email. Now what?

If you receive a phishing message, forward it to and then delete it promptly. If you believe that you have given away your private information to a phishing scam, report it to the organization that appears to have sent the email. If you think you might have responded to a phishing scam with your MSU username and password, immediately change your password and notify the UIT ServiceDesk at 994-1777.