Identifying Illegitimate Email

Do not click just because an email tells you to!

Look at who it is from. 

If it is not from someone you recognize, or it appears to be from some vague office at Duke or another entity, be suspicious.

Look at the expression of urgency.

If the email wants you to act right away, be suspicious.

Look at what the email wants you to do. 

If the only option is clicking on a link or an attachment, be suspicious.

Look for clues that it is not genuine.

  1. Are there spelling or grammar mistakes that you wouldn't expect?

  2. Does the From: address text say it’s from Duke or some other respected entity, but the email seems to come from some other account?

If any of these are true, be suspicious.
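The From: check in item 2 can also be automated by anyone who reviews reported messages. The Python sketch below is an added example, not part of Duke's guidance or tooling; the duke.edu domain list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Assumption for this sketch: a name a sender might claim, mapped to the
# domains that organization really sends from. Adjust for your own mail.
CLAIMED_ORGS = {"duke": ("duke.edu",)}


def domain_is_trusted(domain, trusted):
    """True for an exact match or a subdomain, never for a lookalike."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def from_mismatches(raw_message, orgs=CLAIMED_ORGS):
    """Return (display name, address) pairs where the From: text claims an
    organization in `orgs` but the address belongs to some other domain."""
    msg = message_from_string(raw_message, policy=default)
    header = msg["From"]
    findings = []
    if header is None:
        return findings
    # policy=default decodes RFC 2047 encoded display names before we compare.
    for addr in header.addresses:
        name = addr.display_name.lower()
        for org, trusted in orgs.items():
            if org in name and not domain_is_trusted(addr.domain, trusted):
                findings.append((addr.display_name, addr.addr_spec))
    return findings


# Constructed sample messages (not real mail).
SPOOFED = ("From: Duke Payroll Office <payroll@duke.edu.example.com>\n"
           "Subject: Action required today\n\nClick the link below.\n")
GENUINE = ("From: Duke Service Desk <service@mail.duke.edu>\n"
           "Subject: Maintenance window\n\nNo action needed.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, from_mismatches(raw))
```

A lookalike such as duke.edu.example.com is flagged because the comparison is made on the end of the domain, not on whether "duke.edu" appears somewhere in it.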

What do you do if you are suspicious?

Duke email is now protected by Proofpoint's URLDefense system. All non-Duke links are rewritten so that they go to the URLDefense site first. This helps catch many phishing and malware attacks (phishing seeks your personal information or access; malware seeks to compromise your computer or device). But some sites will always sneak through, at least for a while. Suspicion is still key.

After examining everything, you may conclude it is a phishing or malware email, or you may be unsure. In either case, click the Report Phish button that is available in every Outlook client. You will get a response confirming whether it's a phishing attempt or describing it as safe. Use the "safe" report as guidance only, because the evaluation at this first stage is automated. If you question the report or aren't using Outlook, contact the law school’s Academic Technologies help desk before you click: 919-613-7072. You can also get assistance from the Duke Office of Information Technology service desk: 919-684-2200.