Don't Get Hooked!
Phishing is an email fraud method used by hackers and thieves to lure unsuspecting recipients into giving away their sensitive information or downloading malicious software.
Phishing = Social Engineering
- Typically uses urgent or exciting language to get you to act quickly without thinking
- Asks for passwords, bank account information, usernames, credit card numbers, social security numbers, etc.
- Displays fake URLs that actually direct you to dangerous sites
- Contains attachments that you are directed to open for an urgent reason, or because you will gain something important from doing so.
Don't Trust -- Verify!
- Never respond to any suspicious email by clicking on links, opening unexpected attachments, or providing personal or financial information.
- Don't believe everything you read. If you are unsure as to whether a website is legitimate, confirm it by contacting the company or organization.
- Double-check links of websites you visit. "Google" the site to ensure the link is correct.
- Double-check email to your campus address that is marked External.
- Never provide personal information or information about your company/organization via email, text, or over the phone.
If You Are Compromised
- If you believe you might have inadvertently revealed sensitive university information such as your NetID password, you should change your password immediately. If you have additionally questions, comments or concerns contact UA Information Security at security@arizona.edu or (520) 626-8324.
- If you provided personal information that could be used for identity theft or fraud in response to a fraudulent email, you should immediately contact the company being spoofed.
Report that Phish!
If you receive a suspicious email, and it is NOT listed in our Phishing Alerts, please forward the email to UA Information Security in one of the following two ways:
- Instructions on forwarding the email as an attachment
- Send the full email headers
Our office works with UITS using the information you provide in order to minimize the current phishing threat. We will also use the information for analysis and trending information on security threats to campus.
Resources
- Extortion Phishing Campaign
- Phishing Emails Illustrated
- All About Phishing: Don't Bite (awareness brochure)
- Be Aware of Phishing (awareness handout)
- Report a Phish (awareness flyer)
- Don't Get Hooked (awareness flyer)
- UA Phishing Alerts
- UA Phishing Alert RSS Feed (link to subscribe)
- Forwarding Phishing Email as an Attachment Guide
- Full Email Headers Guide
- Lo Que Pasa Guest Column: "Don't Get Hooked by Phishing Attacks"
- Phishing Quizzes
- US-Cert Avoiding Social Engineering & Phishing Attacks
- Phishing Quick Facts
- Sophos: Simple Steps to Avoid Being Phished
- TechRepublic: 10 Tips for Spotting a Phishing Email
- Anatomy of an i-Tunes Phish