University at Buffalo - The State University of New York
Skip to Content

Five Red Flags: You're Being Phished

By Dan Hartman

Published April 1, 2016

Dan Hartman (UB Student, Class of 2016) was born in Rochester, NY. He transferred to UB after earning an Associate’s Degree at Monroe Community College and is working towards completing his Bachelor’s in Communication. Dan hopes to become a screenwriter someday. In his free time, he enjoys working out, eating cereal, and spending time with his friends.

Remember when you were a child and you were told "don’t talk to strangers" in order to keep you safe? With over 3 billion people using the Internet worldwide, there are quite a number of "strangers" out there just waiting to steal your personal information.

Phishing is the attempt to acquire sensitive information such as passwords, credit card information, and other private data by disguising as a trustworthy source through electronic communication.

UBIT Senior Information Security Analyst Dr. Catherine J. Ullman is part of the team that oversees IT security alerts at UB and has witnessed a wide variety of phishing attempts. "We have received everything from 'verify your information' to job offer scams and death threats," she stated.

Dr. Ullman said victims of these scams need to remain vigilant and look for warning signs of a phishing scam. "There are some very convincing phishing messages that could trick you into giving away personal information." She advises that in many instances there are signs that can help you identify these threats.

UB's Information Security Office has compiled a list of five red flags that can help you to identify phishing attempts and protect your privacy:

1. Email Address Doesn’t Match Sender’s Company

Always check the ‘from’ field to see where the email originated. Phishers will often use email addresses from third party websites, but deceive victims by using a trustworthy name. If you do not recognize the address in the email as the proper address that the sender claims to be representing, it is a scam.  

2. Threatening Message

Phishing attempts are often written in a threatening tone to scare the victim into cooperating. The phisher wants a quick response, so the victim has less time to think critically about the threat. "They will say to act quickly because if you don't, something bad is going to happen," Dr. Ullman said. A message with any kind of threat is a red flag that the email is spam.  

3. Spelling and Grammar Errors

Phishers spend their time trying to steal your hard-earned money, not taking writing courses. Many scam artists operate in foreign countries and may have poor English skills.  When a large company sends out a message on behalf of the entire company, the message is usually reviewed for spelling, grammar, and legality.    

4. Asking for Personal Information

Banks don’t need you to send your account number because they already have that information. UB or any reputable business will never ask you for your credit card number, password, or answers to your security questions.  

5. Incorrect URLs

Hovering over an embedded URL will reveal the actual hyperlinked address. If the hyperlinked address is different from the address with which the sender claims to be associated, the message is likely fraudulent.

See examples of phishing, or get help

Find examples of phishing attempts on the UBIT website. To report a phishing attempt sent to your email, forward the message as an attachment to

If you have questions or feel your account has been compromised, contact the UBIT Help Center (716-645-3542,