One of the most common ways for people to steal your money or personal information is through a process called “phishing.” Phishing is a technique that criminals use to obtain sensitive information (including user names, passwords, social security numbers, bank account numbers, and credit card numbers).

It generally works like this:

  • You receive an email that appears to be from a legitimate company or person (for instance, a bank, a credit card company, an auction site, or an IT Administrator).
  • The email usually urges you to click on a link or attachment included in the email. (It may claim that there’s supposedly some sort of problem with your computer or account that needs to be rectified.)
  • If you click the link, you’ll arrive at a website that looks legitimate, but is actually a fraudulent site created by the identity thieves.
  • Once there, you’ll be asked to enter sensitive information. If you enter this information, it can then be used by the criminals to access your personal data, make illegal purchases, and commit fraud.

So how good are you at identifying fraudulent emails? Google has created a quiz to help you find out! Google’s Jigsaw unit recently posted an eight-question quiz that asks you to try and tell the difference between fraudulent emails and legitimate ones. If you get a question wrong, they’ll tell you why, so you can get better at spotting fraudulent emails in the future.

Click here to take the quiz, and see how you do! I personally thought it was pretty challenging. (I felt lucky to get six questions correct.)

And should you receive an email message you suspect is a phishing scam, please forward it to and then promptly delete it. Do not follow its instructions.

If you have already entered your JHED credentials in response to any message you suspect to be phishing, please go to the Johns Hopkins portal to change your password immediately. Contact the Help Desk at 410-516-HELP to report the incident.


Can You Spot When You’re Being Phished? (n.d.). Retrieved from