Is the email is allegedly coming from a reputable source within your organization?

Cross check the email address against the one listed in your Outlook directory. For example, if the email is supposed to be from Human Resources, does it match the email address on messages you have received from Human Resources in the past? If you try to email HR directly from Outlook, does the same email address pop up?

Is this type of request typical or new?

If you have not received this type of email before, reach out to the department it is associated with directly, or contact IT to verify its legitimacy. It is always OK to ask questions.

If the email is expected and associated with a familiar department, does the format of the email look familiar, or does it seem new and strange to you?

Look for USF branding in the email and familiar names of people you've interacted with in the past. Have you received an email from this department before? If possible, look at the old email to see if the new one looks similar.

Does the email require you to enter too much data or information than what seems necessary? Is it asking you for passwords or codes in unexpected places?

This is a major indicator that you might be dealing with a scammer. USF will never ask you to provide your passwords or MFA codes outside of official login pages/applications.

Was this text, message, email or phone call one that you were expecting? Did this person contact you out of nowhere?

This isn't necessarily a sign of a phishing attempt, but it's still a helpful element of context to consider when evaluating the legitimacy of a communication.

Are there unusual spellings, typos and sketchy links?

Hackers are becoming more sophisticated. We are seeing less obvious signs such as these in phishing emails, however these are still important to watch out for and still frequently appear.