1) Read our tips regarding how to identify and avoid phishing scams. A good rule to follow is to never provide info if you did not personally ask for the email that was sent to you (i.e., you began the conversation).

2) Look at the sender's address closely. Scammers are tricky and may place familiar terms in the address, such as "ttu". Ensure that the portion following the @ symbol is from a known and expected domain. Valid email domains within the Texas Tech University System include ttu.edu, mailers.ttu.edu, lyris.ttu.edu, ttuhsc.edu, and angelo.edu.

You can determine the actual email address of a sender in the following ways:

• Outlook: Open the message. Then, right-click the sender's name and choose "Open Contact Card" (Windows) or "Open Outlook contact" (macOS);
• Outlook on the web: Open the message. Then, hold your mouse pointer over the sender's name for 2-3 seconds;
• Mobile clients: Open the message. Then, tap the sender's name.

EXAMPLE: Below is a sample phishing message that purports to come from the TTU Office of the President. Observe that the sender's address is not president@ttu.edu but rather president@techannouncettu.com.

3) It is important to know how to identify a fraudulent site. Please ensure you are aware of how to do this in the email client(s) and/or browsers you typically use to check your email and browse the web.

4) Understand that credentials can be captured by malware and viruses. Unwanted, malicious software (malware) can be installed on purpose or by accident, and it can track when you input a username and password. Never install software from unknown sources.

5) It is important to have anti-virus and anti-malware protection on your computer, and to keep it updated. Install, update, and start system virus and malware scans.

If the computer is owned by TTU, your departmental IT support personnel can install anti-virus/anti-malware software free of charge. Officially-provided software should be used for an anti-virus program.

If the computer is personally-owned, we recommend using your operating system's built-in security features (e.g., Windows Defender Antivirus) or an anti-virus product of your choosing. Additionally, for personally-owned systems, a program such as Malwarebytes (free download) can be used for anti-malware.

NOTE: Malwarebytes should not be installed on TTU-owned devices.

6) Understand never to provide your eRaider account password to anyone, by email or in person, especially those claiming to be employees of Texas Tech University.

7) Review our list of primary list of recent email phishing scam examples, as well as the following links regarding specific phishing examples:

• Phishing message purporting to be from Texas Tech Payroll
• Example of phishing attempt to obtain FedEx credentials
• Phishing message from wireless carriers such as T-Mobile, Verizon, or AT&T
• Common methods used to steal your identity

8) If there is ever any doubt, you can always contact IT Help Central to verify the legitimacy of an email message.