cio@nmpsfa.org's picture

Rules of thumb for evaluating email as "phishing" or "spam" are similar to how we (as humans) assess the subjective age of food: “When in doubt – throw it out!”

  • If you were not expecting the communication, the best practice is to “block it”, then delete it, but do not click the link contained within.
  • Review the sender's email address – for instance: "nailsona_nubzb@icloud.com". Legitimate business emails will always come from the sending organization's professional domain (like "nmpsfa.org").
  • Hover over any embedded links and make sure the link address matches the sender's email domain (nmpsfa.org, for example).
  • An email that is legit will come with a file (like a PDF) that is “attached”, not a “Click Me” link. The title will typically indicate what is within the attachment.
  • In cases where a file is too large for email, the attachment link is coordinated by another system (like our “PSFAConnect”, or Dropbox, for instance).
  • If in doubt, call the sending party to confirm they sent the email to you. Do not call the number or reply to the email address contained within the email; you will have to look up the real information.
  • If you’ve read this far, then you have probably already answered your own question as to the email's legitimacy.
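
The sender-domain and link-hover checks from the list above can also be run by a mail filter or triage script. The following is an added Python example, not part of the original post; `ORG_DOMAIN`, the `SHARING_HOSTS` allow-list and the sample message (including its link host) are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "nmpsfa.org"        # assumption: the domain mail is expected from
SHARING_HOSTS = {"dropbox.com"}  # assumption: allow-list for large-file links
# Constructed sample: sender address from the text above, link host is made up.
SAMPLE = (
    "From: Accounts <nailsona_nubzb@icloud.com>\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p>Your invoice: <a href="https://files.example.net/inv">Click Me</a></p>\n'
)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    sender_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if not in_domain(sender_domain, ORG_DOMAIN):
        findings.append(f"sender domain {sender_domain!r} is not {ORG_DOMAIN}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href in collector.links:
            host = urlsplit(href).hostname
            allowed = [sender_domain, *SHARING_HOSTS]
            if not any(in_domain(host, d) for d in allowed if d):
                findings.append(f"link host {host!r} does not match sender")
    return findings

if __name__ == "__main__":
    print(review(SAMPLE))
```

The suffix match in `in_domain` requires a leading dot, so a look-alike host such as `nmpsfa.org.example.net` or `notnmpsfa.org` does not pass as the organization's domain.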