Skip Navigation
Security

Tips for Recognizing and Avoiding Phishing Attempts

 

Be skeptical when you read email.  You should know that it could be a phishing email if...

  • The email asks you to connect to a web site with a domain name isn't the one you're used to seeing.  Valid Hopkins web applications will link to a login page with a URL that starts with https://login.johnshopkins.edu/....  A phishing email will often use a URL close to our real domain name.  For example: a recent phishing email directed recipients to the URL http://secure.johnshopkins.edu, but that site actually linked users to a page that started with http://fuzzionday.ru/www.johnshopkins.edu-datasecurityIPupdate/...
  • There are warnings or alarming statements that create a sense of urgency. For example: "Your account will be locked unless or until we hear from you" or "We have noticed activity on your account from a foreign or unidentified IP address."
  • The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers.
  • There are misspelled words in the e-mail or it contains poor grammar.

Remember:

  • IT @ JH staff will NEVER send you an email asking for your password.
  • NEVER give out your password and JHED ID to anyone in an email message or on a web page.

Additional information on phishing