Phishing is a term used to describe email messages that appear to be from a trusted entity, but are actually from someone attempting to trick you into divulging private information such as passwords and financial account numbers. These messages typically encourage you to click a link that takes you to a fraudulent website where you are asked to log in and/or submit private information, which is then captured by the scammer. These scammers can then use this information to commit identity theft, withdraw funds from your financial accounts, or access password-protected sites as you.
In addition to studying the anatomy of a phishing email on this page, you can learn how to recognize, report, and stay vigilant on the Stay Safe From Phishing Scams Guide page.
Any time that you are directed to a site that appears to be a WebLogin site, check the URL before entering your username and password. To verify that you have not been directed to a fraudulent WebLogin site, always confirm that the URL appearing in your web browser's location bar begins with exactly https://weblogin.stanford.edu/login.
Note: Beginning on March 30, 2018, the WebLogin URL will change to https://login.stanford.edu.
Phishing email example #1
What to look for in phishing email example #1
Some phishing attempts are very difficult to spot. This email appears identical to an email from Stanford's Payroll Office except for the word: AXESS. In the original legitimate email, AXESS was not a link. In the phishing attempt, it is linked to a phishing site.
- 1 Disguised or modified link
- When you hover your mouse over a link, the actual URL you are being directed to is displayed in a popup or at the bottom of your browser window. In this case, the URL goes to axess.stanford.edu.nr-9138.ul.forour.info/l/index.php. The domain is actually forour.info instead of stanford.edu. You can determine the domain by looking at the host name, which is everything before the first forward slash in the URL string: the last two labels of that host name (here forour.info) identify who really owns the site, no matter what familiar names appear earlier in it.
- 2 Official looking logos or signatures
- Scammers can easily access official looking logos or signatures from websites and include them in their phishing emails. Do not assume the email is legitimate simply because it includes an official-looking graphic.
Phishing email example #2
What to look for in phishing email example #2
Some phishing attempts are easier to spot:
- 1 Unprofessional email title
- Note the three exclamation points in the subject line. Legitimate organizations do not typically use unprofessional formatting in the messages they send to clients.
- 2 Forged email address
- The sender's email address may be forged, even if it looks legitimate. This address is suspect because the sender (Stanford Webmail Team) does not match the name used in the body of the message (Stanford Admin Team).
- 3 Bad grammar and typos
- Poorly written sentences, bad grammar, and misspelled words indicate that the email is probably a phishing scam.
- 4 Sense of urgency and account status threat
- Phishing emails typically warn of a sudden change to an account and ask you to act immediately to verify your account.
- 5 Request for personal information
- Be wary of any message that asks for your personal information — it is probably a phishing attempt.
- 6 Disguised or modified link
- Even though a web address contains "stanford.edu" it may not be a Stanford website. When you hover your mouse over a link, the actual URL you are being directed to is displayed in a popup or at the bottom of your browser window. If the link in the email and the URL displayed are not identical, there is a possibility that you are being directed to a fraudulent site.
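The link checks described in both examples (item 1 of example #1 and item 6 of example #2), together with the "begins with exactly https://weblogin.stanford.edu/login" rule from the top of the page, can be automated for a batch of links pulled out of a suspicious message. The script below is an added example written for this page, not a tool from Stanford; the sample links are constructed to mirror the examples above (the forour.info link is the one quoted on the page, the other two are made up), and the two-label "registered domain" rule is a simplification noted in the code.

```python
"""Triage links from a suspected phishing email (added example, not Stanford's code)."""
from urllib.parse import urlparse

# Legitimate WebLogin URLs must begin with exactly one of these prefixes.
# The second reflects the March 30, 2018 change noted on the page.
WEBLOGIN_PREFIXES = (
    "https://weblogin.stanford.edu/login",
    "https://login.stanford.edu",
)


def hostname_of(url: str) -> str:
    """Return the host part of a URL: everything between the scheme and the first '/'.

    Links in email often omit the scheme; assume http:// in that case so that
    urlparse does not treat the whole string as a path.
    """
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    return host.lower().rstrip(".")


def registered_domain(host: str) -> str:
    """Last two labels of the host name, e.g. 'forour.info'.

    Simplification: real registries have multi-label public suffixes such as
    co.uk; a production tool would consult the Public Suffix List instead.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_lookalike(href: str, trusted_domain: str) -> bool:
    """True when the trusted name appears inside the host but the host is not
    actually under that domain (the pattern in phishing example #1)."""
    host = hostname_of(href)
    under_trusted = host == trusted_domain or host.endswith("." + trusted_domain)
    return trusted_domain in host and not under_trusted


def is_weblogin_url(url: str) -> bool:
    """Exact-prefix check from the page; http:// or an extra label after .edu fails."""
    return any(url.startswith(p) for p in WEBLOGIN_PREFIXES)


def link_text_mismatch(display_text: str, href: str) -> bool:
    """True if the visible link text is itself a URL/host name whose registered
    domain differs from that of the real href (example #2, item 6)."""
    if "." not in display_text:
        return False  # plain words such as "click here" cannot be compared
    shown_host = hostname_of(display_text.strip())
    return registered_domain(shown_host) != registered_domain(hostname_of(href))


# Constructed sample links: (visible text, real href). Only the first href is
# the one quoted on the page; the other two are invented for illustration.
SAMPLE_LINKS = [
    ("AXESS", "http://axess.stanford.edu.nr-9138.ul.forour.info/l/index.php"),
    ("https://weblogin.stanford.edu/login",
     "https://weblogin.stanford.edu.login-verify.example/"),
    ("Sign in", "https://weblogin.stanford.edu/login?service=axess"),
]


def triage(links, trusted_domain="stanford.edu"):
    """Return a list of (href, findings) pairs; an empty findings list means
    none of the page's link-based warning signs fired."""
    report = []
    for text, href in links:
        findings = []
        host = hostname_of(href)
        if is_lookalike(href, trusted_domain):
            findings.append(f"lookalike: real domain is {registered_domain(host)}")
        if link_text_mismatch(text, href):
            findings.append("link text and destination differ")
        if "login" in href.lower() and not is_weblogin_url(href):
            findings.append("login page is not the genuine WebLogin URL")
        report.append((href, findings))
    return report


if __name__ == "__main__":
    for href, findings in triage(SAMPLE_LINKS):
        status = "; ".join(findings) if findings else "no link-based warning signs"
        print(f"{href}\n    {status}")
```

Hovering over a link and reading the status bar is the manual version of `hostname_of` plus `registered_domain`; the script only makes the same "where does the host name really end" reasoning repeatable. Note that `is_weblogin_url` deliberately compares the raw string, so a link that is merely similar (a different scheme, or a host that continues past `.edu`) fails the check exactly as the page's rule intends.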