How to identify illegitimate email

Do not click just because an email tells you to!

1.       Look at who it is from. If it is not from someone you recognize or appears to be from some vague office at Duke or other entity, be suspicious.

2.       Look at the expression of urgency. If the email wants you to act right away, be suspicious.

3.       Look at what the email wants you to do. If the only option is clicking on a link or an attachment, be suspicious.

4.       Look for clues that it is not genuine.

  1. Are there spelling or grammar mistakes that you wouldn't expect?
  2. Does the From: address text say it’s from Duke or some other respected entity, but the email seems to come from some other account?

If any of these are true, be suspicious.

What do you do if you are suspicious?

Duke email is now protected by ProofPoint's URLDefense system. All non-Duke links are rewritten so that they go to the URLDefense site first. This will help catch a lot of phishing and malware attacks (phishing is in pursuit of your personal info or access, and malware seeks to compromise your computer/device). But there will always be sites that sneak through, at least for a while. Suspicion is still key.

After examining everything, you may conclude it is a phishing or malware email, and if so, just delete it. After examining everything, you may be unsure. If so, contact the law school’s Academic Technologies help desk before you click: 919-613-7072 or You can also get assistance from the Duke Office of Information Technology service desk: 919-684-2200 or .