Check It Before You Click It - Phishing, Malicious Links & Spoofed Headers


Table of Contents:

What is Phishing?

Check It Before You Click It
Checking Links in Outlook 2010
Checking Links in Thunderbird
Checking Links in Mac Mail

Checking Links in iOS Mail (Apple Mobile Devices)

Spoofed Headers - Faking the From: Field
Reporting Phishing Messages and Additional Information


What is Phishing?

The word "Phishing" is a variant of the word "fishing."  It generally comes from an analogy of spammers sending many emails (casting a wide fishing net) in hopes of catching a user (the fish). Though many users don't fall victim to the scams, it only takes a few to make it successful.

What is the point of phishing?

"Phishers" typically attempt to steal information from you. This information includes (but isn't limited to) your PAWS ID and password, email login information, banking information, and more. Attackers can use this information for different reasons, including gaining privileged access to LSU's network, sending malicious spam from your email account, stealing sensitive personal information, etc. Your financial/banking information could be used to steal your identity, pilfer funds from your account, send money out of the country, and more.

Check It Before You Click It

Most phishing scams can be avoided by sticking to these basic principles:

1. Treat ALL LINKS as if they are suspicious.  (Links include Web Addresses & URLs)

2. Log in with your LSU PAWS ID at official sites ONLY & pages such as and

3. Never provide your password or other sensitive information in an email message.

  • You are responsible for your LSU PAWS ID.  DO NOT share your PAWS password with ANYONE for ANY REASON.
  • Email is NOT a secure way to send out personal information.  ALL email messages can be intercepted when they are sent, and email messages are NOT encrypted or protected by default.
  • If an attacker gains access to your email account, ALL of the sensitive information stored there will be accessible to the attacker.

4. Be suspicious of messages such as these:

  • The message urges you to take "Immediate Action", creates a sense of urgency, or threatens that your account will be shut down.
  • The message claims that your email inbox is full or near its quota and needs to be upgraded.
  • The message claims that you must log in to enable security features or other services.

What do you mean by "treat all links as suspicious"?

Many emails are sent like a Web site with HTML code behind the scenes.  This is done in order to include Web links, display images, and provide other special formatting.  However, web links can be deceiving.  (Example: The following text link  - - opens the official LSU web site.)

Phishing messages often do the reverse: the text of the link looks like an official LSU page, while the link itself leads to a malicious site. This can trick users into believing they are visiting a legitimate site. For this reason you shouldn't automatically trust what you see in email messages. Text links that appear as one link but lead to another should be treated as highly suspicious.

How do I check where the links actually go?

If you are using a desktop or laptop with a mouse, you can 'hover' the mouse cursor over the link. Where the actual destination of the link is displayed varies with your operating system and email client. Below are examples of the same phishing message in several email clients:

Checking Links in Outlook 2010

Outlook 2010 for Windows: True link destination displays where the mouse hovers, and at the bottom of the screen.

Checking links in Outlook 2010 with a spam message shown

Checking Links in Thunderbird

Thunderbird 17.0.7:  True link destination displays at the bottom of the application window ONLY.

How to view the true destination of a link in Thunderbird


Checking Links in OS X Mac Mail

OS X Mac Mail: True link destination displays where the mouse hovers, and at the bottom of the application window.

How to determine the true destination of a link in OS X's mail.

Checking links in iOS Mail

Apple iOS Mobile Devices:  True link destination displays when you tap and hold down your finger on the link.  (Apple iPhones & iPads DO NOT have a cursor for you to hover over the link with.)



Spoofed Headers - Faking the From: Field

There is a belief that if an email says it is from an account, like, then it must actually be from The unfortunate reality is that the "From:" field can be easily faked to appear as any account or person. This is commonly referred to as "spoofing".

In the phishing examples above, the message says it is from LSU, however it also provides an email address of While that email address could be an instant indicator that LSU DID NOT send the message, keep in mind that even the email address can be spoofed to show or
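The two cases above, as an added example that is not part of the original article: it compares the name and address shown in "From:" with each other and with the Return-Path and Reply-To headers of the same message. The official domain, the brand word and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAIN = "university.example"   # assumption: the organisation's real mail domain
BRAND_WORDS = ("university",)            # assumption: words its display names use

def addr_domain(header_value):
    """Lower-cased domain of the address in a header value, '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def from_field_warnings(raw_message):
    """Return a list of reasons not to trust the From: line of a message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = addr_domain(msg.get("From"))
    warnings = []
    # The name claims the organisation, the address is somewhere else.
    if any(w in display.lower() for w in BRAND_WORDS) and from_dom != OFFICIAL_DOMAIN:
        warnings.append("display-name-vs-address")
    # Return-Path records the envelope sender; Reply-To is where answers go.
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        dom = addr_domain(msg.get(header))
        if dom and dom != from_dom:
            warnings.append(label + "-differs-from-from")
    return warnings

# Constructed samples: only the headers matter here.
LOOKS_FOREIGN = "\n".join([
    "Return-Path: <bounce@bulk.example.org>",
    'From: "University Help Desk" <helpdesk@mail-upgrade.example.net>',
    "Reply-To: collect@freemail.example.com",
    "Subject: Your mailbox is full",
    "", "Log in now to keep your account.",
])
LOOKS_OFFICIAL = "\n".join([
    "Return-Path: <bounce@bulk.example.org>",
    'From: "University Help Desk" <helpdesk@university.example>',
    "Subject: Your mailbox is full",
    "", "Log in now to keep your account.",
])

if __name__ == "__main__":
    print(from_field_warnings(LOOKS_FOREIGN))
    print(from_field_warnings(LOOKS_OFFICIAL))
```

The second sample shows an official-looking address in "From:" that is still flagged because the envelope sender is elsewhere. An empty result does not prove a message is genuine, and legitimate bulk mail can also carry a different Return-Path, so treat the output as a reason to look closer rather than a verdict.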

If you are not sure about an email message's legitimacy:

Send an email to the  Include the following information:

Reporting Phishing Attempts & Additional Security Information

The LSU IT Security and Policy (ITSP) Team has deployed PhishMe Reporter, an application that provides users the ability to report suspicious e-mails to the ITSP team quickly and efficiently. The application is available for all mailboxes automatically. For more information on how to use this utility, click here.

There are numerous kinds of phishing attempts and other scams targeting users, many of which LSU cannot take any action on. However, here are a few cases where we recommend you contact

  • You have a phishing message that contains malicious links.
  • You clicked on a link or responded with personal information to a potential email scam and need help determining what to do.
  • You have a scam message you believe came from another LSU user.

As long as you do not click on any malicious links or respond to the email with personal information, you as well as your computer should not be at risk.

Junk, spam, or suspicious emails in LSUMail can be reported directly from your mailbox in OWA or Outlook. To learn how to do this, please visit GROK article 17521.

As always, if you have any concerns or comments please feel free to email the LSU IT Security & Policy Office with any of your questions via

9/11/2018 7:35:53 AM