Even with advanced email security tools in place, a small number of malicious messages can still reach our inboxes.
If you receive an email asking for personal information, requesting urgent action, or prompting you to click a link or open an attachment, pause and review the message carefully before responding.
Before clicking or replying, consider the following:
- Check the “From” email address—not just the display name.
Attackers can easily spoof names or create addresses that look legitimate (for example, [email protected]) using free email services.
- Look for spelling, grammar, or formatting errors.
Many phishing emails contain awkward wording, inconsistent formatting, or generic greetings such as “Dear User” instead of your name.
- Be cautious of urgent or threatening language.
Scammers often use pressure tactics—such as warnings about account suspension or immediate payment requests—to rush you into acting before you notice something suspicious.
- Be wary of unexpected attachments.
Malicious attachments are commonly used to deliver malware or viruses. Files with extensions that can run code or macros (such as .exe, .cmd, .docm, .pptm) should be treated with extreme caution.
- Verify links before clicking.
Hover over links to check whether the displayed text matches the destination URL. Mismatched or unfamiliar links are a common red flag.
Reporting suspicious emails:
Fortunately, the Academy provides PhishAlarm, a tool designed to help identify and stop phishing attempts. PhishAlarm is located on the right side of Gmail.
When you report an email using the PhishAlarm, the message is analyzed for legitimacy. If it is determined to be a threat, it is automatically removed from everyone's email.
Using PhishAlarm helps protect not just you, but the entire MMA community.