Merriam-Webster describes "phishing" as the following:

 a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly

The Anatomy of a Phish:  How does it happen?

You get an email that looks generally benign, maybe even a little bit official.  Below you'll see one that is common at ESU.  It includes Microsoft Teams, so it looks official, right?  So, you click the link.

After clicking the emailed link, the web browser opens and loads what appears to be a legitimate website. In this example the hacker has linked to a webpage that mimics a Microsoft Teams login page. It features a lot of Microsoft branded graphics and colors to add to the effective deception.

If you attempt to login, you've just handed your username and password over to a malicious website.

The question is--how can we identify malicious login sites? Sometimes this is very difficult to do.


If you're going to log in to a website or service go to it's official homepage and log in from there.  Don't follow the link the email!

If it's a website you use frequently, use a bookmark or a link you've used in the past.

If it's an ESU-provided service, you should be able to get to it from Hornet 365 (hornet365.com)!  If not, let us know!


And if you're not sure you can always give us a call at the IT Help Desk to find out for sure!

If you find it, REPORT IT!

If you suspect a phishing email, even if you find info on it right here on our site, report it to us and to Google (if you're using your student Gmail).