Good Practice

Recognize and Report Email Scams


The IRS needs your information now! A friend or colleague shared a document with you! Your account will be shut off! Is the email real? How do you know?

Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account." These emails, websites, documents, or login pages may be obviously fraudulent, or may look exactly like the University's login page. Higher education institutions are popular targets for these scams.


Recognize Email Scams

  • From official sounding senders like “UMN Edu Team,” “Service,” “HelpDesk,” “Customer Service,” or even a colleague, professor, or friend.
  • Include threats or dire consequences if you don't act quickly. You are asked to pay ransom to access your data.
  • Links to a login page that may or may not look exactly like the University's login page but the web address does not end in or may be shortened by services like tinyURL.
  • May ask you to open a shared document you may or may not be expecting.
  • May ask you to bypass policy/procedures.
  • May ask you not to tell anyone.
  • Learn to recognize the difference between fake and official University Google log in page
  • Learn what to do with SPAM-unsolicited commercial email

What Not to Do

  • DO NOT give your passwords and other sensitive information to an unverified party online, over the phone, or in person.
  • DO NOT click any links contained in the message.
  • DO NOT open any attached files or shared documents.
  • DO NOT provide personal information such as passwords in a reply to an email.
  • DO NOT submit passwords through Google Forms.
  • DO NOT violate policy.

Report Email Scams

Take Immediate Action If You Think You Are a Victim

Download Handout

Download and post our Recognize and Report Email Scams handout (PDF). It can help you remember how to identify and protect yourself from Phishing scams and identity theft.