Phishing

Phishing is a form of social engineering. Phishing scams appear to originate from a trusted source to trick a user into entering valid credentials or attempt to lure you into revealing your username, password, and other personal identifying information (PII), or clicking on a malicious attachment.

Attackers can use this information to:

  • Steal money from victims (modify direct deposit information, drain bank accounts)
  • Perform identity theft (run up charges on credit cards, open new accounts)
  • Send spam from compromised email accounts
  • Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus

Reporting and dealing with Phishing

  1. If you receive a Phishing Email:
  2. After reporting to [email protected], If you are using the Gmail interface, you can report phishing directly to Google:
    1. Sign in to Gmail.
    2. Open the message you'd like to report.
    3. Click the triple-dot icon next to Reply, at the top-right of the message pane.
    4. Select Report phishing.
  3. Delete emails and messages that ask you to confirm or provide personal information.
  4. Do not reply, click on the links, or provide any sensitive information / user credentials.

What to Look For

Be suspicious of all requests. Ask, "Is this real?" Use the following checklist to check for common signs of phishing messages:

  1. Message indicates urgent action is needed
  2. Message indicates negative consequences will occur if action is not taken
  3. Message is not expected
  4. Message sender is not known
  5. Message cannot be read without opening an attachment
  6. Message requests sensitive information be sent
  7. Message directs users to "click here"
  8. Message uses poor grammar and/or spelling
  9. Sender from: name does not match message signature
  10. Sender email address does not match organization name
  11. Sender email address is not the same as the real address
  12. Sender name is not listed in the campus directory

Protect your email and your private messages

  • Use a strong password. Use password with at least 8 characters, including uppercase and lowercase letters, numbers, and symbols.
  • Change your password frequently.
  • Be aware of using public PCs. Be sure that if you are using a computer in a public place that you logout when you are finished.
  • Protect your email address. Be aware of where you display your email.
  • Do not include emails in blog posts or social media posts.
  • Lock up your desktop or laptop and close your email clients when you walk away from your desk.
  • Keep your data secure by using encryption and storing encrypted files.

If you believe your system or account has been compromised, please contact your technical support for assistance.

Contact Email Support