This email didn't look very official, but it may have piqued your curiosity, especially because it refers to UT Austin and because no one wants to miss an important email message. But, several clues should lead you to think twice about the legitimacy of this email: its sender address, its generic salutation, its suspicious hyperlink, and its poor spelling and grammar. Let's look at the specifics:

1. The sender has set his display name to "Email Alert Center", which perhaps sounds legitimate, but the sender's actual address shows its real origin: austin-mail@webaccess-alert.com. This domain name (webaccess-alert.com) is clearly not associated with UT Austin and should immediately raise doubts. Note that, on mobile devices, you may need to tap the "Details" button to see the sender's actual email address.
2. If this were from the actual operators of the campus mail system, they'd know who you were. Instead, this sender doesn't know your name and just addresses you with a generic "University User" salutation. Though more advanced phishing messages sometimes use your real name, too, a generically addressed message should always raise doubts.
3. Long-press (tap and hold for 1-2 seconds) on this hyperlink instead of tapping, and you'll see that it points to webaccess-alert.com, an unknown website that is clearly not associated with UT Austin or any of our email providers. This is a strong indicator that the email is illegitimate and possibly dangerous.
4. The body of this message contains misspellings, like "retreived", "permanantly", and "Universty" and some poor grammar. It's unlikely that a professionally drafted message from UT Austin would be written so carelessly.

When you encounter a link in an email or on the Web, how do you know whether it's safe to click or tap it?

Hyperlinks have lots of information in them—they can be daunting! Let's break it down so you can focus on the most important parts. Take this link, which is very similar to one observed in a real phishing attack that targeted UT Austin:

That link contains a lot of information, and some of it even looks like it could be legitimate. But, once you understand the structure of links, it becomes easy to see why this link is definitely not safe to visit.

All websites are served by, or "hosted on", computers—much like the ones in your office. The Host part of a link tells you the name of the computer that's serving the website.

And, just as your computer has files and folders on it, websites have them, too. The Directory part of a link is just like a folder path on your computer—a virtual container for documents. The rightmost component of a link is the File Name. This is the specific file you’re looking at, just like you might request a Word document (.doc) or Excel spreadsheet (.xls) on your computer.

The leftmost part of a link is called the Protocol and it specifies a set of rules for how your computer's Web browser will talk to the computer hosting the website. Most sites you visit on the Internet will use HTTP (the Hypertext Transfer Protocol) or HTTPS; the "S" stands for "Secure".

So, now we know what all this information means. But, what’s really important here?

Well, the Protocol is a good place to look first. Sites that start with HTTP get transmitted to and from your computer in the clear—that is, someone sitting between your computer and the computer hosting the website could see all your data going back and forth. Links that begin with HTTPS, on the other hand, are encrypted. Everything the website sends you and everything you send back is scrambled so that it's much more difficult for someone in the middle to snoop on the data.

Does an "S" after the HTTP, by itself, mean a site is safe to visit? No! But, it does mean that information you enter can't be read before it reaches its destination. That's why you should never enter any personal information on a website that doesn't begin with HTTPS—everyone in the middle can see it!

We now know the importance of the Protocol, but even more important is the Host—the name of the computer that's serving the website. The Host in this example is a computer system called legit.web.ru.

Scammers and other bad apples can make Directories and File Names that look legitimate and safe, but they can never make their Host perfectly match a legitimate one.

Here's an example of a legitimate, safe Host:

This link is the website we use to check our campus email and access other Office 365 applications (like Word, Excel, and PowerPoint) on the Web.

Let's break down this Host even further into its constituent parts:

As we saw above, the Host comprises everything between those two slashes after the Protocol, and the first slash that comes after it. Our host here is office365.austin.utexas.edu.

Going deeper, a Host is made up of a Domain and, often, a Subdomain. As we can see here, a Domain consists of the two words to the left of that first single slash—here, those two words are utexas and edu.

Out of everything we've discussed so far, the Domain is the most important part. That's because those two words can never be manipulated; they'll always tell you a website’s true identity. A scammer can't place a website inside utexas.edu, and you know utexas.edu is our legitimate website, so you can be highly certain that this hyperlink is safe to visit:

That second link? Not so much.

Compare the two links above. In the first, the Domain is utexas.edu, while the second one will take you to a Domain called web.ru. That's clearly not a website associated with The University of Texas!

Scammers are crafty, though… take a look at the rest of the web.ru link. The scammer has camouflaged it to make it look more legitimate. How? Well, they're using the HTTPS protocol, which means you'll see that comfy green padlock in your Web browser. They've manipulated the Subdomain (legit) to make their scam seem more trustworthy. And, they've even customized their File Name (office365.austin.utexas.edu.htm) to try to impersonate an official UT Austin host. Sneaky!

Don't take the bait! Before clicking or tapping on any link, always check its Domain to verify whether it's a website you know and trust.

Take a look at your Web browser to find the Domain of the website you’re reading, right now. Is it safe?