This document explains how to report a phishing email to IT.
Phishing (pronounced “fishing”) is the method of acquiring personal information from people by masquerading as a trusted person or authority. It is a common method for hackers, scammers, and thieves to use to try to get you to reveal your personal information such as account name or number, password, birth date, or social security number. Often, the email message will warn of account abuse or threaten you that your online access will be lost if you do not follow the instructions in the email. You should never send any personal or financial information via email. Also, do not select any links in emails unless you expected someone to send you a link. A friend's email may get compromised and send out links to steal other people's accounts, so always be cautious with links sent in emails.
The university is constantly being bombarded with phishing scams aimed at campus users. The best way to prevent your falling victim to a phishing attempt is to be vigilant and suspicious of any email that asks for personal or financial information. Below is a link to a quick online quiz that will show you sample email messages and help you to learn how to identify phishing messages: http://www.sonicwall.com/phishing/. For more information on phishing, how to avoid these scammers, and general information on online security, please visit: http://onguardonline.gov/phishing.html. Our campus email and anti-spam software are configured to try to block and/or quarantine these emails before they reach your email inbox. Your off campus email providers may not have as sophisticated anti-spam software so you may see phishing messages there as well. The hackers are also constantly changing the text of the message, reply addresses, etc., so it is always possible that some may make it through to your inbox.
If you do receive a phishing email in your university email account, do not respond to the email, but either delete it or forward it as an attachment to email@example.com so that our Security team can investigate it. You may also contact the Help Desk to verify the legitimacy of the email.