Phishing

Use the “Report” button in Outlook or forward any suspicious messages to infosec@uc.edu for further review.

Staying Off the Hook

Phishing stands as the most prevalent form of social engineering—a sophisticated tactic in which a threat actor fabricates a compelling narrative to manipulate you into performing actions on their behalf or disclosing private information. 

This deceptive technique primarily occurs via email but can also manifest through text (smishing) or phone calls (vishing).

Keep reading as we dissect an example of a phishing email, breaking down elements to be aware of:

Image showing examples of red flags in phishing emails including suspicious senders, urgent subject lines, and generic greetings..

Unusual Sender Email: Always double-check the sender's email address. Official communications should come from a university (or other official) domain, not a free email service like Gmail.

Urgent subject lines: Urgent subject lines in emails can often be a red flag, indicating a potential phishing attempt designed to provoke immediate action.

Generic Greeting: Official emails will usually address you by your full name. Be wary of emails that use generic greetings like "Dear User."

Image of phishing email showing example of red flags including suspicious links, requests for sensitive information, and incomplete/inconsistent signatures.

Suspicious Links: Hover over any links to see the address, go directly to the senders website to verify information, avoid clicking links or opening attachments until you have verified. Call the company direct to verify the information using contact information from their website.

Request for Sensitive Information: No legitimate organization will ask for your username and password via email. Verify all requests by going directly to the website.

Incomplete Signature: If a name, number, and/or email address is given, cross-check it within the campus community and confirm through official channels that the message is legitimate.

Being aware of these red flags can make all the difference in protecting your personal information. Stay vigilant, double-check details, and when in doubt, reach out to official channels for verification. Secure yourself now and avoid the headache of a compromise later!


Need IT Help?