Avoid Phishing and Malware

Tips to Spot Email Scams
Best practices can help you spot and avoid email scams

  • Take a moment to look at the email address (Do the alias, sender, and domain look legitimate?)
  • Consider whether the content of the email makes sense (Would a Nigerian prince really want to give you a million dollars?)
  • Watch out for messages urging you to act fast before you think
  • Never respond to emails asking you to reply or call them with contact or financial information or personal information, such as date of birth or social security number (or other tax ID)
    • First, ask yourself if the sender has a legitimate reason to be asking for this information
    • Even if you answer the first question "yes," don't reply to the email or call the number provided. Contact the sender directly to determine if the request is legitimate (For example, call the number on the back of your credit card)
  • Beware of emails that contain links and/or attachments, and be careful before clicking or opening them. The easiest way to protect yourself is to not click on suspicious or unknown links
  • Malicious links are the most common scam tool and one of the easiest to spot if you know what you're looking for. At first glance, the URL may appear legitimate, but
    • The true URL could be hidden (a link's text can look like a URL, while link itself points somewhere else). Hover over the link to see where it's really pointing
    • A link shortening service might be used to hide the malicious destination
    • The URL may contain misleading typos, such as instead of
  • Ask yourself whether you're expecting an attachment from this person
    • The only attachment file format that isn't a potential threat is .txt. Treat all other attachments as potentially malicious.
    • Attachments, especially Microsoft Office files like .xls could contain hidden malware, even if they pass your virus protection scan
  • And when in doubt, confirm the message content with the sender before taking any action, including clicking links, saving/opening attachments, or calling the phone number. Confirm via a method other than email, if possible. If not, compose a new message. Make sure you are not replying to the suspicious message – that could go to the phisher

Want to learn more about protecting yourself from phishing? Click here to read the Federal Trade Commission's detailed advice ( ).

If you believe you have received a phishing attempt through ResLife Portal, from an ResLife Portal user, or about your ResLife Portal credentials, please report it to

Other Resources

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.