Don't Get Hooked!
Phishing is an email fraud method used by hackers and thieves to lure unsuspecting recipients into giving away their sensitive information or downloading malicious software.
Phishing = Social Engineering
- Typically uses urgent or exciting language to get you to act quickly without thinking
- Asks for passwords, bank account information, usernames, credit card numbers, social security numbers, etc.
- Displays fake URLs that actually direct you to dangerous sites
- Contains attachments that you are directed to open for an urgent reason, or because you will gain something important from doing so.
Don't Trust -- Verify!
- Never respond to any suspicious email by clicking on links, opening unexpected attachments, or providing personal or financial information.
- Don't believe everything you read. If you are unsure as to whether a website is legitimate, confirm it by contacting the company or organization.
- Double-check links of websites you visit. "Google" the site to ensure the link is correct.
- Double-check email to your campus address that is marked External.
- Never provide personal information or information about your company/organization via email, text, or over the phone.
If You Are Compromised
- If you believe you might have inadvertently revealed sensitive university information such as your NetID password, you should change your password immediately. If you have additionally questions, comments or concerns contact UA Information Security at email@example.com or (520) 626-8324.
- If you provided personal information that could be used for identity theft or fraud in response to a fraudulent email, you should immediately contact the company being spoofed.
Report that Phish!
If you receive a suspicious email, and it is NOT listed in our Phishing Alerts, please forward the email to UA Information Security as an attachment. Instructions for forwarding as an attachment can be found here: Forwarding Emails as Attachments
Our office works with UITS using the information you provide in order to minimize the current phishing threat. We will also use the information for analysis and trending information on security threats to campus.
- Extortion Phishing Campaign
- Phishing Emails Illustrated
- All About Phishing: Don't Bite (awareness brochure)
- Be Aware of Phishing (awareness handout)
- UA Phishing Alerts
- Forwarding Phishing Email as an Attachment Guide
- Full Email Headers Guide
- Lo Que Pasa Guest Column: "Don't Get Hooked by Phishing Attacks"
- Phishing Quiz (Open DNS)
- US-Cert Avoiding Social Engineering & Phishing Attacks
- Anatomy of an i-Tunes Phish
- Phish Me If You Can (Phishing Game)