Skip to main content

Recognize a Phishing Attempt

Overview

Phishing and spear phishing are common cyber threats that attempt to trick users into giving away personal or sensitive information. These attacks are becoming more convincing, especially with the use of artificial intelligence or AI. This article explains what phishing is, how to recognize it, and what to do if you receive a suspicious message.

McLennan Community College will never email you requesting your password, ask you to submit personal information through a Google Form, or send official college communications from a student email account.

If you receive unexpected Duo authentication calls or notifications, do not approve them and change your password immediately. Additional guidance is available in the Keep getting Unexpected Duo Calls or App Requests article. 

Getting Started

What is Phishing and Spear Phishing

Phishing is a broad attack sent to many recipients in hopes that someone will fall for it. Spear phishing is a targeted and personalized version of phishing aimed at specific individuals. The goal is to obtain confidential information or install malware. Modern attacks often use artificial intelligence to write professional, convincing messages that bypass spam filters and avoid obvious grammar mistakes.

How to Spot a Phishing Attempt

Phishing emails can be very subtle. Always pause for a few seconds and carefully review messages before clicking or responding.

  • The message contains an offer that seems too good to be true.
  • The language is urgent, alarming, or threatening.
  • The email contains misspellings, bad grammar, or awkward phrasing.
  • The greeting is generic or ambiguous.
  • The sender asks for personal or confidential information.
  • The message pressures you to click an unfamiliar link or open an attachment.
  • The request seems strange or unrelated to normal business.
  • The sender’s address does not exactly match the company domain.
  • The email includes personal information that could have been found on social media or public records.

What to Do if You See a Phishing Email

Once you recognize a phishing email, acting correctly helps protect both you and the organization.

  1. If the email was sent to your MCC work or student account, report it immediately to helpdesk@mclennan.edu. Employees using Outlook Classic may report phishing emails using the Outlook Classic: Phish Alert Button.
  2. If the email was sent to your personal email, do not click any links, do not reply, and do not use the unsubscribe option.
  3. Delete the message.

Remember: do not click on links in suspicious emails. Delete them.

Additional Details

  • Artificial intelligence is increasingly used by criminals to generate highly convincing phishing messages.
  • Always verify unexpected requests by contacting the sender through a known, trusted method instead of replying to the suspicious message.
Back to top