For in-depth information on phishing, visit the UA Info Security Phishing page.
In general, if an email seems phishy, it probably is. When in doubt:
- Contact the sender (via phone or in a separate email or in person) to determine if the message is legit.
- Check the UA Phishing Alerts page.
- Forward the message your systems staff (LPL Systems, PIRL Sys, or OREX SA's) for evaluation.
Here are six characteristics of phishing emails. Watch for them!
- The email message is poorly written.
Poor grammar, spelling mistakes, and odd turns of phrase are telltale signs of phishing.
- The sender's email address looks phishy.
Phishing emails can come from an address that may look genuine. Take a moment to examine the From-address closely; don’t just check the name of the sender. Check the email address by hovering your cursor over it.
- The message has a suspicious attachment.
Unsolicited emails with attachments are often phishing attempts. If you receive an email from an institution out of the blue that contains an attachment, your phishing alarm should start ringing.
- The message is designed to make you panic.
Phishing is designed to create a false sense of urgency. Slow down and be cautious. A standard ploy is to falsely claim that your account has been compromised or will be closed if you do not act immediately.
- The email asks you to provide personal information.
If you receive an unsolicited email from an institution that asks you to provide sensitive information (like passwords, account numbers, social security numbers), it’s a scam.
- The email contains web addresses that do not look genuine.
Before clicking on any web links in an email message, hover over and inspect each link first. If the link in the text isn't identical to the URL displayed as the cursor hovers over the link, it's malicious. When in doubt, don't touch it.