1. Verify the Sender's Address
Look at the sender's address (From: section). For example, an official email from York University should have @yorku.ca at the end of the sender's email. This applies to other institutions as well.
2. Verify the WWW address
Point the mouse (don't click) at the WWW address and verify the target. It should point to the WWW address of the organisation who sends it. For instance, a legitimate email from York University that includes a link to a website should point to www.yorku.ca.
3. Asking for Password and/or Personal Information
York UIT will NEVER send unsolicited requests for passwords or other personal information via email. Do not respond.
4. Urgent Action Required
UIT Information Security sends a cease and desist notice to any web sites used for phishing. Therefore, fraudsters and phishers incorporate a sense of urgency to scam as much personal information as possible before they are caught and taken off-line.
5. Poor Spelling and Grammar
An official email from York University is reviewed and revised before it is sent. Fraudsters generally do not do that.