Beware the wolf in sheep's clothing.

Description of the video:

[ Music ]

>> Hold on there. Think before you click. One good way to recognize a phish or a malicious email is to verify the sender. Double-click on the sender's name to see the real email address. If using Gmail, move your mouse over the text, but don't click. If using a mobile device, tap instead. If the revealed email address isn't what you expected for that sender, beware it could be a phish. This email is definitely a phish. So ask yourself did you expect an email from this person or group? Is the sender's actual email address legitimate, including the full domain after the @ sign? If you can't verify the sender, do not click any links or take any requested action. Instead, look carefully at the email. If it appears suspicious, report it. There are even more ways to recognize a wolf in sheep's clothing, but checking the sender's real address is a good step. Find more tips to recognize, rethink, and report on

[ Sheep bleating ]

Think before you click—Quick steps

1. Recognize

Verify the sender is who you think it is.

How: Double-click or tap the sender’s name at the top of the email to view the real email address. (In Gmail, hover without clicking.) 

Get more help to recognize >>

2. Rethink

If you can't verify the sender, do not click at all.

How: If the email refers to a known website, type that website address into a new browser window instead and check for information there. 

Get more help to rethink >>

3. Report

Suspect it's a phish? Send the alert.

How: Contact your campus UITS Support Center for help on how to report it. 

Get more help to report >>

Learn more to boost your defenses

Take free online courses

Take no-cost online training via IU Expand any time.

Explore online classes

Hold "Think before you click" workshops

Request a "Think before you click" session with IT Training.

Schedule a workshop

Run practice simulations

Get the PhishMe simulation service for your department.

Request this service

Partnering groups behind is the result of a partnership among the following groups and services at IU:

  • University Information Security Office (UISO)
  • University Information Policy Office (UIPO)
  • IT Communications Office, Office of the Vice President for IT (OVPIT)
  • IT Community Partnerships, University Information Technology Services (UITS)
  • UITS IT Training
  • UITS Support Center