Recognizing a Phishing Email

Check the Sender Address

No matter who an email shows to be the sender, check the email address to see if it matches their known email address or domain. Sender identity can always be spoofed. Also, do not respond to any request the sender makes if there was no prior expectation of it. 

Beware of Any Included Link/Attachment

  • If a link is included in such an email, check the URL to see if it matches the known business/organization domain name of the purported sender (for example,,, .edu, etc.)
  • It is extremely difficult for a hacker to take over another domain name but a domain name can be spoofed in a URL so that when you click on it, you are redirected to another website. For example, a link might show but the link points to a different website. If you are unsure that a URL is legitimate, right-click the link and select copy link address, then paste into another email window, Word or Notepad and see if it matches the URL in the email.
  • Sometimes emails do not contain a link that you can see but instead a button you are supposed to click. In those cases, DO NOT click the button but instead, follow the steps as above to check if the URL matches the known domain name of the email sender.
  • Other times, the links may be tiny or shortened URLs generated by, etc. so it will not normally match the known domain name of the email sender. However, when you paste into a browser address bar and type enter, pay attention to what site it goes to. If it does not resolve to the known domain name of the sender, do not proceed.
  • Do not click any like purporting to contain confidential information stored on Google Drive and requiring you to log in. It may be an attempt to steal your credentials. 
  • Do not proceed if you clicked a link or paste and go and are prompted to log in. It may also be an attempt to steal your credentials. 
  • If you receive an email for any sender (unknown or appears to be known) with a Microsoft Word .docx or Acrobat .pdf or a Zip .zip/zipx attachment allegedly containing financial/other information, DO NOT OPEN. The attachment may contain a ransomware trojan that will encrypt your files and require you to pay a ransom to have them decrypted. 

Check the Message

  • Google Drive is inherently secure so if you receive a message that says sharing "Secure Files with you securely!", you should immediately be suspicious. 
  • If an email is delivered from an unknown sender and asks you to provide information via a website, it is most likely phishing. 
  • A message could also say someone has shared a document with you via Dropbox to review. Even if the user is known but the message is unsolicited, please contact the person via phone or a separate email to confirm. 

Never Provide Personal Information

Do not provide any personal information including password via any unsolicited email or phone call. If you received an email allegedly from someone you work with or know requesting you to provide financial information, call the person to verify.