If you’re a person with an email address, you’ve probably received a phishing scam. And while there are plenty of obvious signs to watch out for, modern scams have evolved to be even trickier than their typo-ridden predecessors.
We’ve compiled a fresh list of some common signs to look for when you get a text or email that doesn’t feel right.
🎣 Why Is Phishing So Common?
Phishing is a type of cyberattack that uses fraudulent messages designed to impersonate a legitimate person or organization. These attacks work by targeting social psychology rather than your hardware or software directly. Most computers have advanced cybersecurity protections that make it difficult to break in by force, so bad actors have taken to simply asking you for your digital keys.
The goal is to trick you into downloading harmful attachments or giving up sensitive information — like your Pitt username and password, bank account numbers, or Social Security numbers. And it works: more than 90% of successful cyberattacks start with a phishing email.
🚩 Red Flags to Watch For
Because cybercriminals know to prey on your social graces, phishing messages are designed to feel familiar and urgent.
The Sender Isn’t Who They Say They Are
Even if an email appears to be from someone at Pitt, check the actual email address carefully. A message claiming to be from Pitt Digital that comes from a Gmail or AOL account, or a domain with a subtle misspelling, is a major sign there’s something phish-y going on.
There’s Pressure to Act Fast
Phrases like “Your account will be suspended,” “Respond within 24 hours,” or “Immediate action required” are classic phishing tactics. Urgency is a manipulation tool. Scammers want you to react before you think.
They Really Want You to Click Here
Scammers know that most people open dozens of harmless links every day, which is why so many phishing scams ask you to click on a dodgy link. Only click on a link if you’re certain the message is legit — and when in doubt, go directly to the source rather than following the link.
Unsolicited Requests for Personal Info
These days, it feels like everyone wants your name, address, and phone number, so emails asking to confirm personal details don’t feel out of the blue. That’s why it’s critical to play detective any time you receive a text or email asking for information — especially if you’re not expecting it.
🤖 Phishing in the AI Era
As technology evolves, so do phishing scams. AI’s ability to quickly generate legitimate-seeming text has made phishing scams more frequent and more difficult to spot. While phishing messages of the past were full of misspellings, grammatical errors, amateur graphic design, and generic greetings, AI has made it easier to add a professional polish to almost any message.
But even though AI is making scams appear more credible, you can always look for the social engineering cues that more clearly separate phishing messages from authenticated communications.
🎓 Phish vs. Fact: Staying Vigilant
Universities are frequent phishing targets because they’re large, busy communities where people receive a high volume of email every day. Scammers know that a well-timed, convincing message is more likely to slip through the cracks.
The best way to avoid phishing scams is by staying up-to-date on common tactics (remember when everyone was asking you for gift cards?) and applying reasonable scrutiny to out-of-the-blue communications. Resources like KnowBe4, Pitt’s security awareness training platform available to all students, faculty, and staff, walks you through how phishing attacks work and how to recognize and respond to one. It’s part of your annual cybersecurity training, but you can also check for new courses and resources at any time.
✅ How to Report a Phishing Scam at Pitt
If something looks suspicious, report it before you hit delete. The best way to report a phishing email at Pitt is to use the built-in Report button in Outlook (it looks like an email with a little hook). If you’re not using Outlook, send the suspicious message as an attachment (rather than a standard forward) to phish@pitt.edu. Forwarding as an attachment is important because it preserves the metadata of the message, which helps our security team investigate.
And if you ever worry that you may have clicked a phishing link or entered your credentials somewhere suspicious, contact the Technology Help Desk right away so they can help secure your account.
Phishing works because it exploits the moments when we’re busy, distracted, or just trying to get through our inbox. A little awareness goes a long way — and when you know what to look for, you’re a much harder target.
— Pitt Digital
