Skip to content

Protecting Yourself and Your Computer

Protect Yourself!

Even if you are a seasoned Internet user, it is easy to fall prey to the sophisticated techniques that are used in website and email spoofing. Once tricked, you could inadvertently give phishers extremely damaging information.

The best way to detect spoofed emails and websites is by educating yourself on the signs and by being diligent at all times. If something seems "off" about an email, it probably is. Do not open attached files or click on included links. Don’t visit websites that you don't recognize. Even if it is a website that you know, type in the site’s URL manually to avoid being redirected to a spoofed version of it.

Spoofing / Phishing

​Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. It is a tactic used in phishing and spam campaigns. People are more likely to open an email if they think it was sent by a legitimate or trusted source.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by means of a spoofed email or other electronic communication.​​

Used in combination, the goal of spoofing and phishing is to get recipients to open and either respond to the email, or to click on a link, attached file or other such mechanism through which confidential information may be stolen or the computer may be compromised.

As with spoofed emails, spoofed websites are created to look like an official website in order to instill a sense of authenticity so that a user might use their credentials, credit cards, etc., so that the information can be stolen (phished).

Other websites, however, may simply compromise your computer through embedded commands on the page, either with, or without your permission or cooperation.
This page was produced by the owner of this website in collaboration with, and under the direction of, the Office of Information Security at Lansing Community College in Lansing, Michigan.

For more information, please email lccinfosec@lcc.edu or contact the LCC helpdesk at (517) 483-5221. You may also email them at lcc1@lcc.edu. ​​

How to Identify a Spoofing / Phishing Email

  1. Check the Sender:
    • A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Let’s say you receive an email that appears to come from a known person, such as from Dr. Brent Knight. You need to do more than look at the name, look at the email account too! If the email comes from knightb4@gmail.com, knightb4@outlook.com or from any domain other than the one you would expect (in this case knightb4@lcc.edu), then assume that the email is fraudulent! Official LCC emails will always come from an lcc.edu email address.
  2. Look for Spelling and Grammar Issues:
    • If you look closely at the email you received, you will find at least one spelling, grammar, or formatting error. A bad spoofed email may be easy to spot, but a well done spoofed email can be difficult to identify. Look for the little things. Nobody is perfect, but a legitimate email that is professionally done will be checked and double checked before it is sent out. Chances are you won't find spelling, formatting, or grammatical errors.
  3. Check the Link:
    • Most LCC emails that contain a link will ask you to go to the page on your own and not contain an embedded link. If there is a link present, hold your mouse over the link and it will show you the "real" link that you will be sent to.
    • Remember, just because the link looks like it will take you to an LCC site, doesn't mean it will. The best practice is to type the URL into the browser yourself.
  4. Check the Greeting:
    • Often, spoofing and phishing emails are often generated automatically and aren't well checked. If the greeting isn't a normal professional salutation, then beware of the email.
  5. Check the Signature:
    • Lack of details, or an unfamiliar signature style may be indicators that the email you received is not legitimate.
  6. Beware of Urgency or Threats in the Subject Line or Email:
    • A common tactic of phishing and spoofing emails is to instill a sense of urgency or fear. Subject matter such as: "Your account has been suspended", "You must change your password", or even "Please take a moment to read the updated evacuation plan" can be indicators that the email you received is a spoofing or phishing attempt.
  7. Don't Click on Attachments:
    • Never click on an email attachment unless it is something that you are expecting. Spoofing and phishing emails often contain malicious attachments and many cannot be detected by your computer's anti-virus software.
  8. Don't Trust or Click on Logos:
    • Just because you see a familiar logo, doesn't mean that the email is legitimate. Logos are easily copied and pasted into emails to lend a sense of legitimacy. Clicking on a logo in an illegitimate email can take you to a website that may ask for personal information or even directly compromise your computer.
  9. Never Give Out Personal or Sensitive Information:
    • Malicious emails will often ask you to give out sensitive or personal information such as credit card numbers, login credentials, or social security numbers. They may even ask you to transfer money to an account. Please be aware and consult with Information Security if you have any doubts about the email's legitimacy.
  10. If you have any Question or Doubt, Contact Information Security or the LCC Helpdesk:
    • Should there be any question in your mind about the legitimacy of an email, please feel free to contact LCC Information Security or the LCC Helpdesk for advice on the matter. Remember, it is always better to be safe now, than to be sorry later.

Helpful Links

SANS Ouch newsletter for email scams and Phishing attacks - OUCH! is the first consensus monthly security awareness report for end users. It shows them what to look for and how to avoid phishing and other scams plus viruses and other malware -- using the latest attacks as examples. It also provides pointers to great resources like the amazing Phishing Self-Test. 

Microsoft Security at Home

Information Security at Lansing Community College

Information Security
Technology Learning Center, Room 421
Phone: (517) 483-5264
Additional contact information »