University of Minnesota Duluth block M and wordmark

Email & Phishing

Email can be "spoofed" or forged to look like it's coming from a respected source. Fraudsters use email spoofing to trick recipients into sharing account numbers or sensitive information. Highly sophisticated email spoofs can be hard to detect, but most are given away by a few tell-tale signs. Read more about Phishing from ITSS.

How to identify official University emails and avoid potential email scams:

  • Watch for incorrect grammar and spelling.
  • Many email scams originate from outside the U.S.
  • View the hidden email header information and verify that it was sent from an address ending in "".
  • Never share sensitive information by email. The University of Minnesota will never send an unsolicited email message asking you to reply with your password or other confidential information such as a Social Security or bank account number. Messages requesting such information are fraudulent and should be deleted.
  • Be suspicious of any message demanding immediate action.

If you receive a questionable email:

  • Don't use the links if the message is directing you to a web page. Open a new browser window and type in the address yourself or do an Internet search for the business/organization.
  • Review the Federal Trade Commission's consumer alert, How Not to Get Hooked by a Phishing Scam and, if warranted, forward the suspected email message to for further action.
  • Permanently delete the message from your inbox.

If the questionable email claims to be from the University:

  • First, make sure the hidden email header information is displayed. Then report the suspicious message by forwarding the email to ITSS at

Keeping fraud out of your inbox:

  • Use your University-assigned email account for messages only.
  • Set up SpamAssassin to scan your University email account.
  • Visit the Federal Trade Commission website for more fraud prevention resources.

If you receive an email you suspect is a phishing scheme, confirm through other means that the email or the website it directs you to is legitimate. This may require you to contact a department within the University or the customer service division of a bank.

For University functions such as registration, billing and payments, or admissions, the University login page should appear for any University pages that ask for personal information. If in doubt, most functions are available on the UMD One Stop Student Services website.