Phishing

"Phishing” is where fraudsters send spam or pop-up messages to lure recipients into volunteering personal, financial or credential-related information from unsuspecting victims. That information can then be used to commit identity theft, or enter password-protected sites using your account. As phishing schemes become more sophisticated, it becomes increasingly important to be vigilant.

Learn more about how to spot a bogus phishing message, the important steps you can take to avoid getting “hooked,” and what to do if you've mistakenly responded to a phishing email with your personal information.

The "Do's, Don'ts, and Nevers" of Phishing
What To Do If You're Compromised
UA Presentations
Resources

The "Dos, Don'ts and Nevers" of Phishing

DO Delete suspicious messages immediately.
DON'T click on any links in the message.
NEVER respond to an unsolicited email, or supply personal information as requested by an email, even if the message looks real.
NEVER supply your passwords or other sensitive information via an email message. No legitimate organization will request your password or other types of sensitive information via an email message.

UA will NEVER ask you to reveal personal information, such as passwords or other restricted data, by e-mail, phone, text or other means of communication. You may be asked to change or strengthen a password but never to disclose it outright via email.

What to do if you're compromised

If you believe you might have inadvertently revealed sensitive university information such as your NetID password, you should change your password immediately. If you have additionally questions, comments or concerns contact the University Information Security Office at iso@u.arizona.edu or 621-UISO (8476).

If you provided personal financial accounts information that could be used for identity theft or fraud in response to a fraudulent e-mail claiming to be sent by outside agencies (PayPal, Wells Fargo or Arizona State Credit Union, for example), you should immediately contact the company being spoofed.

UA Presentations

FROM RUSSIA WITHOUT LOVE: Identity Theft & Phishing (Video presentation) (PowerPoint presentation)

Resources

UA Computer Security Resources
How to Recognize and Respond to Phishing - April 08 - Sec-U-R-IT-y Tips Monthly Newsletter (from MS-ISAC)
Phishing Alert
"Phishing" Example
Home Computer Security - CERT Coordination Center
Avoiding Social Engineering and Phishing Attacks by US-CERT
Phishing Quick Facts by OnGuardOnline.gov
How Not to Get Hooked by a 'Phishing' Scam from FTC