Email Security
Information Technology helps protect the privacy, confidentiality and integrity of Salisbury University resources and data through a combination of technology and awareness.
Phishing is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords -- on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.
Keep your account safe:
- Never respond to an email if you believe it may be a phishing attempt.
- Never click on any links or open attachments from unknown senders.
- Never approve MFA authentications, such as DUO push, or provide authentication codes to anyone!
Ways to recognize a phishing email:
External Banner:
Emails that are received from a sender outside of Salisbury University will be marked with the below heading.
Please use caution when responding to these emails. Emails that claim to be from the IT Help Desk or an IT Administrator and ask you to provide your SU account username or password should be questioned as to their validity, even if they appear to come from an SU account. If you receive an email you believe is a phishing email, please follow the instructions found at Phishing Email-What to do if you receive a phishing email.
An urgent call to action or threats:
Be suspicious of emails and messages that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.
Tip: Whenever you see a message calling for immediate action, take a moment, pause, and look carefully at the message. Are you sure it's real? Slow down and be safe.
Spelling and Grammatical Errors:
If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
Mismatched email domains:
If the email claims to be from Salisbury University or your bank but is sent from another email domain, like Gmail.com or microsoftsupport.ru, it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name, like micros0ft.com, where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and an "n". These are common tricks of scammers.
Suspicious links or unexpected attachments:
If you suspect that an email message or text is a scam, don't open any links or attachments that you see.
Because of the increased delivery of malware, viruses and ransomware through compressed (zip) files and executable (exe) installer files, IT removes those file types from emails sent to @salisbury.edu email addresses from external email addresses. If you need to receive a zip or exe file from a trusted sender and are unable to receive the file as an attachment, see our Receiving Zip and Executable Files by Email guide for alternative options to receive those files.
What to do if you receive a phishing email:
Report as Phishing:
All phishing emails should be reported to IT Security using the Phishing Alert Report- email security icon.
Reset your Password:
If you have clicked on any links or provided information, reset your SU password immediately.
Instructions for resetting your password can be found here.
Check for Email Rules:
Criminals who have gained access to your account will often create email rules to forward or delete your email. Once you have reset your password, log in to https://outlook.office.com and delete any rules that may have been created.
Cybercriminals can also tempt you to visit fake websites with other methods, such as text messages or phone calls. Do not be pressured into providing personal information including your password.
These messages will often include prompts to get you to enter a PIN, provide MFA (DUO) authentication, or provide some other type of personal information.
Do not be a victim of a phishing attack. Never approve an unknown authentication request within DUO or provide text codes to anyone.