Overview - Phishing Email

REPORT A PHISHING EMAIL: phish@ecu.edu

If you suspect you have responded to a phishing email,
change your password immediately and call the IT Service Desk.

IT Service Desk 252-328-9866 | Pirate Techs Technology Support Centers | Submit a Ticket

Skip to a section: What is phishing?  | Recognize a phishing emailWhat to do

Audience

All ECU users

What is phishing?

Phishing emails appear legitimate but are actually fraudulent. They often impersonate trusted sources such as administrators, faculty members, or campus services. The goal is to steal your personal data, compromise your accounts, or spread malware. Eventually, a phishing email will show up in your inbox. It happens to everyone.

For example, an email claims to be from your bank, the ECU IT Department or Service Desk and requests you log in or provide personal information. The message looks legitimate, but it’s really a trick to obtain your login credentials and steal confidential data, or fool you into downloading harmful attachments. More than 90% of data breaches start with a phishing attack. Don’t take the bait!

Recognize a phishing email

  • Urgent requests: Be cautious of emails that create a sense of urgency, asking you to take immediate action. No one is going to contact you via email and offer you a job.
  • Suspicious links: Hover over links before clicking to verify their legitimacy. Avoid clicking on unexpected or unfamiliar URLs.
    Scammers often use shortened links to hide their true destination. These links have fewer characters and don’t form recognizable words or phrases. While not all shortened links are malicious, they can be tricky to verify at a glance.
  • Mismatched sender addresses: Check the sender’s email address carefully. Phishers often use similar-looking (spoofed) addresses to deceive recipients. Hover over the sender's address to ensure the displayed address matches the true address. For example, official emails from the Cashier's Office come from "cashier@ecu.edu." If the email is NOT from "cashier@ecu.edu," it is not from the Cashier's Office.
    Messages sent from outside ECU's email system are tagged with the following message: "This email originated from outside ECU.”
    ""
  • Requests for personal information: Legitimate organizations never ask for sensitive data (passwords, Social Security numbers, etc.) via email. If you are asked to buy gift cards and call them back with the number on the card – it is a SCAM.
  • NEVER provide your social security or bank account information to ANYONE who contacts you via email. Email is not a secure method of communication which is why legitimate requesters never ask you to send through email.
  • Official ITCS email communications always match the display name and email address. Examples:
    • The ITCS Notification email address is always "ITCSNOTIFICATIONS@ECU.EDU."
    • Phishing emails mask the true address. In a phishing email, mouse over "IT HELPDESK," and the address is something like, "joesmith@someotherdomain.com."
  • Red flag examples: 1) The image shows a non-ECU address for Z. Loch; the domain is not ecu.edu. 2) The email originated outside ECU but the message purports to be from someone at ECU. 3) Scrolling (NOT clicking) over a URL in the message reveals a different web destination.
    ""

Don't panic – don't click

If you receive a suspected phishing email, here's what to do:

  • Be skeptical. Do not click links or attachments you’re not sure are legitimate. NEVER reveal your password to anyone. Legitimate businesses  including ECU  will NEVER request personal information through email.
  • If you do provide account information to a malicious site, CHANGE YOUR PASSWORD IMMEDIATELY at the password Maintenance website. Then call the IT Service Desk at 252-328-9866.
  • Verify a sender. Mouse over any links to check the URL.
  • Be careful of links and attachments. Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
  • Keep your anti-virus software regularly updated.
    • Windows Defender (included with Windows 10/11)
    • XProtect included with macOS
    • Antivirus software from any reputable vendor.
  • Update your computer and software. Install the latest patches and updates for your operating system and other software.
  • Report a phishing or spam email by forwarding the message to phish@ecu.edu or submit a security concern to ITCS. To learn more about phishing, visit the Federal Trade Commission.
  • Delete the suspected email once it's reported.
Print Article

Related Articles (1)

Information Security for Personally-Owned Computers
Protect ECU data by following this guidance when using your personally-owned computer for university business.

Related Services / Offerings (1)

ECU Email Support
ECU email is available through the Microsoft 365 subscription. Submit this form to request assistance or a department email account.