Phishing - Don't take the Bait

What is Phishing?

Phishing: Typically fraudulent email messages appearing to come from legitimate enterprises (e.g., the university, Internet service provider, banks). These messages usually direct a user to a spoofed website or otherwise get the user to divulge private information (e.g., passphrase, credit card, or other account updates).

Spear Phishing: UC faculty, staff, and students receive multiple spear phishing attempts each week. Spear phishing targets a particular group (e.g., members of the UC community) and tries to trick recipients into providing information or clicking on attachments or links in the email, with the goal of gaining access to a system or data.

Spoofing: Email spoofing is the forgery of an email so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing attempts because users are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get users to open, and possibly even respond to a solicitation.

How to identify a phishing attempt

Users can identify a phishing attempt by looking for email messages that:

  • Create a sense of urgency
  • Invoke strong emotions, like greed or fear
  • Request sensitive data
  • Contain links that do not appear to match legitimate resources for the organization that is contacting the user
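
The last indicator above, links that do not match the organization's legitimate resources, can also be checked mechanically. The following is an added example, not part of the original page: it assumes `example.edu` as a placeholder for the organization's domain, and the sample message and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example.edu"}  # assumption: placeholder for the organization's domains

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Prefix "//" so a bare "mail.example.edu/login" still parses as a host.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def is_trusted(host, trusted):
    # Exact match or a true subdomain; "example.edu.evil.test" does not qualify.
    return any(host == d or host.endswith("." + d) for d in trusted)

# Visible link text that itself looks like a URL or a bare domain name.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def flag_links(html, trusted=TRUSTED):
    """Return (href, reason) for links that do not match the organization."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if URL_LIKE.match(text) and host_of(text) != host:
            findings.append((href, "visible text names a different site"))
        elif not is_trusted(host, trusted):
            findings.append((href, "destination is outside the organization"))
    return findings

# Constructed sample message body (reserved .test/.invalid names, not real sites).
SAMPLE = """<p>Your mailbox will be closed today unless you verify it.</p>
<a href="http://example.edu.account-verify.test/login">https://mail.example.edu/login</a>
<a href="https://helpdesk.example.edu/contact">Contact the help desk</a>
<a href="http://files.invalid/invoice">Open invoice</a>"""
```

Calling `flag_links(SAMPLE)` flags the first and third links and leaves the help desk link alone; the first one shows why the comparison must be on the full host name rather than on whether the organization's name appears somewhere in the address.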

Phishing attempts can have a number of different goals. They may attempt to:

  • Gain access to the user's personal data
  • Target the user's cash and payment card data
  • Gain control of the user's computer and local network resources
  • Gain access to the user's university credentials

Phishing emails typically attempt to take advantage of the user by:

  • Delivering file attachments that can infect the user's computer with harmful software
  • Tempting the user to click on links to websites that infect their computer with harmful software
  • Tricking the user into sharing their username and password so hackers can gain access to networks or other sites

Report Phishing

Although a user's first instinct may be to ignore or delete suspicious emails, it is recommended that the user report them to the Office of Information Security (OIS). OIS will examine the email and, if necessary, advise the user of any further steps that may need to be taken.

To report a phishing attempt, forward the phishing email to