Our Phish Bowl is a collection of real phishing emails that have targeted members of the ESU community. We share these examples so you can recognize the common warning signs and spot suspicious messages faster when they show up in your inbox.
Take a quick look through the latest attempts and you will be better prepared to avoid clicks, protect your account, and report anything that does not look right.
What is Phishing?
Phishing is a scam where someone pretends to be a trusted person or organization to trick you into taking an action. The message may ask you to click a link, open an attachment, enter your password, share personal information, or send money or gift cards. The goal is usually to take over your account, steal information, or commit fraud.
Phishing messages often try to create urgency and pressure you to respond quickly. Common examples include warnings about your email being deactivated, fake notifications about documents or voicemails, payroll or direct deposit changes, and messages that claim to be from a supervisor asking for a favor.
Watch for red flags such as sender addresses that do not match the name, unexpected attachments, links that lead to unfamiliar websites, and any request for your password or verification codes. If a message feels suspicious, do not click links or reply. Report it so it can be reviewed.
Look out for Threats
Email is the official method of communication at East Stroudsburg University. University announcements and business-related correspondence are sent through official ESU email accounts. If you receive a suspicious message, follow the reporting instructions above.
To reduce the risk of account compromise, make these steps part of your regular email routine.
Email Safety Checklist
Many messages sent from outside the university are labeled [EXTERNAL] in the subject line. That tag is a reminder to slow down and take a closer look, especially if the email is asking you to click a link, open an attachment, or share information.
Do not rely on the display name alone. A message can appear to come from someone you know even when it is not. Check the sender’s email address and confirm it matches an official ESU address. Be especially cautious when the message claims to be from a supervisor, department leader, or an office that normally communicates through established channels.
Before you click anything, hover over links to preview where they really go. Ask yourself if the address looks legitimate and matches what the message is claiming. If an email says it is from ESU but the link points to an unrelated or unfamiliar website, treat it as suspicious.
Phishing emails often contain awkward wording, unusual formatting, or grammar and spelling mistakes. One error does not prove it is a scam, but multiple issues are a strong warning sign.
Scammers try to rush you. Messages that demand immediate action, threaten consequences, or ask for money or gift cards are common phishing tactics. If you feel pressured to act quickly, stop and verify first.
Phishing attempts can look convincing. Attackers may copy logos, use familiar names, and imitate real services. If the email is unexpected and asks you to sign in, share information, or take action, take a moment to double-check the details before you respond.
Contact Us
Campus Address
Science & Technology Center 233
(570) 422-3995
Director Web Services
Omar Williams
owilliams7@esu.edu
(570) 422-3995
