You've clicked on a suspicious email link and maybe even entered your UT EID password on a dubious website! Fortunately, this was only a test. Please take a few minutes to read this page so you can learn how to protect yourself against real attacks in the future.

While scammers often craft phishing emails to entice you with attractive offers, even more common are scams meant to scare you with threats of loss or danger. In both cases, their goal is to trick you into visiting a malicious site and, often, handing over sensitive information.

Had the email you received been an actual phish, clicking the link could have infected your computer or device with malicious software that steals your passwords and personal information, or even locks you out of your device. Entering your UT EID password on the resulting website could have turned over your account to scammers who'd access your personal data, log into your work email, access your financial details, or send spam in your name.

If you suspect you've received a phishing email, forward it to postmaster@utexas.edu and notify your local IT staff. Never click on any links contained in the message, never download any accompanying attachments, and never reply to the sender.

Let’s learn how you can detect phishing attacks like these so you don’t get caught by a real attack in the future.

This email was designed to look convincing! But, even though it looks like it might be official, there are still a few clues that should lead you to think twice about the legitimacy of this email: its sender name, its fake department name, its misspellings, and—most importantly—its suspicious hyperlink. Let's look at the specifics:

Phishing message displayed on a desktop computer
  1. It's hard to discern, based solely on the sender name, whether this message is phishy. In uncommon scenarios, EID passwords are compromised and scammers use that access to send out spam and phish as quickly as possible before their access is cut off. When you're addressed by a purported UT employee, you could check the UT Directory and find—in this case—that there is no Jim Barnaby at UT Austin.
  2. There is no department with the name "Research Management" at UT Austin. Run a quick search at www.utexas.edu and it turns up no relevant results; that should give you pause.
  3. Overall, the language in this message is pretty solid, but a keen eye will recognize that the name of the nonexistent department is misspelled as "Research Managment". It's unlikely that an official University email would misspell the name of the department that sent it.
  4. Hover over this hyperlink before clicking and you'll see that it points to send-secure.eu, an unknown website that is clearly not associated with UT Austin or any of our known service providers. This is a strong indicator that the email is illegitimate and likely dangerous. Don't click it!

These clues should cast doubt on the legitimacy of the email.


Phishing message displayed on a mobile device
  1. It's hard to discern, based solely on the sender name, whether this message is phishy. In uncommon scenarios, EID passwords are compromised and scammers use that access to send out spam and phish as quickly as possible before their access is cut off. When you're addressed by a purported UT employee, you could check the UT Directory and find—in this case—that there is no Jim Barnaby at UT Austin.
  2. There is no department with the name "Research Management" at UT Austin. Run a quick search at www.utexas.edu and it turns up no relevant results; that should give you pause.
  3. Overall, the language in this message is pretty solid, but a keen eye will recognize that the name of the nonexistent department is misspelled as "Research Managment". It's unlikely that an official University email would misspell the name of the department that sent it.
  4. Long-press (tap and hold for 1-2 seconds) on this hyperlink instead of tapping and you'll see that it points to send-secure.eu, an unknown website that is clearly not associated with UT Austin or any of our known service providers. This is a strong indicator that the email is illegitimate and likely dangerous. Don't click it!


Maybe you clicked on that phishy email link, not realizing it was a scam—if you did, you'd end up on a page with a big "UTEXAS" logo and a login prompt asking for your UT EID and password. Had this been an actual scam, it's possible that in addition to collecting your password to use for nefarious purposes, this webpage could have hidden code that infects your computer with malware designed to steal your personal information, activate your camera or microphone, record your keystrokes, or even lock you out of your computer by encrypting it.

That'd be bad, but giving away your password would make things even worse. How can you tell this webpage isn't legitimate?

Fake login page as seen in Mozilla Firefox
  1. This webpage is protected by TLS encryption, which is why your web browser shows the green padlock in the address bar. However, just because your connection to a shady website is encrypted doesn't mean it's not a shady website! The biggest giveaway here is the domain name: sendsecure.eu. This isn't tied to UT Austin and its provenance is unknown. You shouldn't trust it.
  2. The title of the page is "UTEXAS Training Systems" which doesn't match the purported purpose of the page, which is to sign in to a research grant tracking application called "GrantView".
  3. Tech-savvy users may recognize that AES-768 encryption does not exist.

Check out the "Is That Link Safe?" tab to the right to learn how to determine whether hyperlinks can be trusted.

When you encounter a link in an email or on the Web, how do you know whether it's safe to click or tap it?

Hyperlinks have lots of information in them—they can be daunting! Let's break it down so you can focus on the most important parts. Take this link, which is very similar to one observed in a real phishing attack that targeted UT Austin:

That link contains a lot of information, and some of it even looks like it could be legitimate. But, once you understand the structure of links, it becomes easy to see why this link is definitely not safe to visit.

All websites are served by, or "hosted on", computers—much like the ones in your office. The Host part of a link tells you the name of the computer that's serving the website.

And, just as your computer has files and folders on it, websites have them, too. The Directory part of a link is just like a folder path on your computer—a virtual container for documents. The rightmost component of a link is the File Name. This is the specific file you’re looking at, just like you might request a Word document (.doc) or Excel spreadsheet (.xls) on your computer.

The leftmost part of a link is called the Protocol and it specifies a set of rules for how your computer's Web browser will talk to the computer hosting the website. Most sites you visit on the Internet will use HTTP (the Hypertext Transfer Protocol) or HTTPS; the "S" stands for "Secure".

So, now we know what all this information means. But, what’s really important here?

Well, the Protocol is a good place to look first. Sites that start with HTTP get transmitted to and from your computer in the clear—that is, someone sitting between your computer and the computer hosting the website could see all your data going back and forth. Links that begin with HTTPS, on the other hand, are encrypted. Everything the website sends you and everything you send back is scrambled so that it's much more difficult for someone in the middle to snoop on the data.

Does an "S" after the HTTP, by itself, mean a site is safe to visit? No! But, it does mean that information you enter can't be read before it reaches its destination. That's why you should never enter any personal information on a website that doesn't begin with HTTPS—everyone in the middle can see it!

We now know the importance of the Protocol, but even more important is the Host—the name of the computer that's serving the website. The Host in this example is a computer system called legit.web.ru.

Scammers and other bad apples can make Directories and File Names that look legitimate and safe, but they can never make their Host perfectly match a legitimate one.

Here's an example of a legitimate, safe Host:

This link is the website we use to check our campus email and access other Office 365 applications (like Word, Excel, and PowerPoint) on the Web.

Let's break down this Host even further into its constituent parts:

As we saw above, the Host comprises everything between those two slashes after the Protocol, and the first slash that comes after it. Our host here is office365.austin.utexas.edu.

Going deeper, a Host is made up of a Domain and, often, a Subdomain. As we can see here, a Domain consists of the two words to the left of that first single slash—here, those two words are utexas and edu.

Out of everything we've discussed so far, the Domain is the most important part. That's because those two words can never be manipulated; they'll always tell you a website’s true identity. A scammer can't place a website inside utexas.edu, and you know utexas.edu is our legitimate website, so you can be highly certain that this hyperlink is safe to visit:

That second link? Not so much.

Compare the two links above. In the first, the Domain is utexas.edu, while the second one will take you to a Domain called web.ru. That's clearly not a website associated with The University of Texas!

Scammers are crafty, though… take a look at the rest of the web.ru link. The scammer has camouflaged it to make it look more legitimate. How? Well, they're using the HTTPS protocol, which means you'll see that comfy green padlock in your Web browser. They've manipulated the Subdomain (legit) to make their scam seem more trustworthy. And, they've even customized their File Name (office365.austin.utexas.edu.htm) to try to impersonate an official UT Austin host. Sneaky!


Don't take the bait! Before clicking or tapping on any link, always check its Domain to verify whether it's a website you know and trust.
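The hover check and the link breakdown described above can be automated; the following is an added example, not part of the original page or any UT Austin tooling. The function names, the `TRUSTED_DOMAINS` allowlist and the sample message (including its paths and link text) are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from posixpath import basename, dirname
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"utexas.edu"}  # assumption: the reader's own allowlist
def break_down(link):
    """Split a link into the parts the page names."""
    parts = urlsplit(link)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Page's rule: the Domain is the last two words of the Host. Hosts under
    # multi-part suffixes (co.uk, com.au) need the Public Suffix List instead.
    return dict(protocol=parts.scheme.lower(), host=host,
                subdomain=".".join(labels[:-2]), domain=".".join(labels[-2:]),
                directory=dirname(parts.path), file_name=basename(parts.path))

def verdict(link):
    """Judge a link by Protocol and Domain only; return (trusted, reasons)."""
    info, reasons = break_down(link), []
    if info["protocol"] != "https":
        reasons.append("not HTTPS")
    if info["domain"] not in TRUSTED_DOMAINS:
        reasons.append("untrusted domain " + info["domain"])
    return (not reasons, reasons)

class LinkCollector(HTMLParser):
    """Collect (visible text, real target) for every <a href> in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_message(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, *verdict(href)) for text, href in collector.links]

# Constructed sample message; paths and link texts are made up.
SAMPLE_EMAIL = ('<a href="https://send-secure.eu/grantview/login.htm">Sign in</a>'
                '<a href="https://office365.austin.utexas.edu/">Campus email</a>')
```

Calling `audit_message(SAMPLE_EMAIL)` returns one tuple per link: the visible text, the real target, a trusted flag and the reasons. The verdict ignores the Subdomain, Directory and File Name entirely, which is why a file named `office365.austin.utexas.edu.htm` on another Domain earns no trust.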

Take a look at your Web browser to find the Domain of the website you’re reading, right now. Is it safe?

Always check with your technical support contacts, the UT Service Desk, or the Information Security Office before clicking links in suspicious emails, providing information to suspicious websites, downloading unexpected attachments, or replying to suspicious messages. You may also forward suspected phishing messages to postmaster@utexas.edu so the campus mail administrators can better fight phishing in the future.
