How to Detect a Phishing Attack

  • Messages creating a tremendous sense of urgency.
  • Look for typos or discrepancies in logos.
  • Pressure to bypass or ignore our security policies or procedures.
  • Read URLs from left to right, the last address is the true domain, for example https://store.amazon-    com.example.com/index.html might look like it will take you to Amazon’s website, but in fact it will take you to example.com.
  • Offers that seem too good to be true.
  • Generic greetings such as "Dear customer" or "Dear Member"
  • Emails that are work related but are sent from a personal email address, such as hotmail.com or gmail.com.
  • Websites that claim to be secure but do not use HTTPS.
  • Requests for sensitive data such as credit card numbers or account passwords. 
  • The tone or wording of the message does not sound like the sender.
  • Sites that begin with an IP addresses instead of a domain name.

Security Recommendations

 ITS Information Security strongly recommends the following for you:

Think before you click!
If you suspect a phishing attack, report it immediately to servicedesk@lmu.edu

If you have any questions, contact the Service Desk at (310) 338-7777 or at servicedesk@lmu.edu.