How can I tell when an email is legitimate?

Published: November 12, 2025

Dear 404: How can I tell when an email is legit?

Dear 404,

I keep hearing about phishing scams but some of the emails I get look really convincing — like they’re from campus offices or even professors. How can I tell when an email is legitimate, and what should I do if I accidentally click on something sketchy?

— Suspicious but Curious

Dear Suspicious but Curious,

Phishing emails are the pop-up ads of the modern age — annoying, sneaky and everywhere. The trick? Pause before you click.

  1. Hover over links. If the address looks off — it probably is.

  2. Watch for urgency. “Your account will be locked!” is classic phish drama.

  3. When in doubt, report! Use the U of T Report Phishing button in Outlook or forward the message to report.phishing@utoronto.ca when you receive a suspicious email. Then delete it.

  4. If you clicked something suspicious — contact your local IT support right away and update your password(s).

To stay up on current university-targeted phishing attempts, check out the Phish Bowl!

Sincerely,
4[0‿0]4