Page tree
Skip to end of metadata
Go to start of metadata

Phishing emails

A phishing attack happens when someone tries to trick you into sharing personal information online.

What phishing is

Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account.

Phishing emails or sites might ask for:

  • Usernames and passwords, including password changes
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Your mother’s maiden name
  • Your birthday

Important: Siena ITS, Gmail, and most reputable companies will never ask you to provide this type of information in an email.

Report phishing emails

When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn't marked correctly, follow the steps below to mark or unmark it as phishing.

Report a phishing email

    1. On a computer, go to Gmail
    2. Open the message.
    3. Next to Reply Reply, click More More.
    4. Click Report phishing.

An email was incorrectly marked as phishing

    1. On a computer, go to Gmail
    2. Open the message.
    3. Next to Reply Reply, click More More.
    4. Click Report not phishing.

Avoid phishing attacks

Be careful anytime you get an email from a site asking for personal information.

When you get an email that looks suspicious, here are a few things to check for:

  • Check that the email address and the sender name match.
  • Check if the email is authenticated.
  • Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
  • Check the message headers to make sure the "from" header isn't showing an incorrect name.

Common phishing scams

When it comes to phishing, the best line of defense is you. If you pay attention to potential phishing traps and watch for telltale signs of a scam, you can minimize your risk of becoming a victim. Here are some scenarios you may encounter: 

  • An email appears to come from a colleague asking you to do something out of the ordinary like purchasing gift cards while they are unavailable.
  • An email appearing to come from the President or Provost sharing a file for an evaluation that requires you to login to view it.
  • The scammer pretends to be an employer or pretends that you were referred to them for an incredible job offer that requires no interview, little work, and good pay for just sending them your information.
  • An email appearing to be from a bank, credit card company, or other financial institution requests that you “confirm” your personal account information. Supposedly, your information has been lost, or your account is going to be closed, so it is “urgent” that you respond immediately.
  • A phony email from the “fraud department” of a well-known company asks you to verify your information because they suspect you may be a victim of identity theft.
  • An email may take advantage of a current event, such as the Anthem data breach, which scammers used to send phishing emails with malicious links for “free credit reporting.”
  • An email claiming to be from a state lottery commission requests your banking information to deposit the “winnings” into your accounts.
  • A scammer pretends to have a large sum of money and needs “someone trustworthy” to help access it. The scammer promises to share the wealth in exchange for your help - specifically, your financial information.
  • Scammers will use spoofed email addresses, phony websites with legitimate logos, or phone numbers to fake customer service centers operated by the scammers.

Further Resources


Please contact the ITS Help Desk if you have any questions or need further assistance in identifying and dealing with a phishing message.