Don't Fall for These Phishy Tricks

Need to know newsletter from the UC Office of Information Security

Phishing emails are one of the most common cybersecurity threats. With about 319 billion emails sent and received each day, users need to be on high alert for phishing attacks.

According to Proofpoint’s 2021 State of the Phish report, 75% of organizations around the world experienced a phishing attack in 2020. 74% of attacks targeting US businesses succeeded.

But knowing that phishing emails are out there and dangerous is not enough. It’s important to be able to recognize one. Here are some tips from the University of Cincinnati's Office of Information Security:

An urgent phishing email is designed to get you to act fast. It might tell you that your account was hacked or is going to be deactivated — click here to restore it!

Unfortunately, urgent phishing messages are common because they work. Fear makes people do things without thinking, so slow down!

Another type of phishing email asks you to verify your account by logging into a (fake) webpage or clicking a button to update your credentials.

These types of emails can collect your username and password, giving a hacker instant access to your account.

Hackers will try to impersonate someone at your company, real or fake. They might impersonate someone in the HR department, IT department or even a coworker.

In an internal message phishing email, it might ask you to click on a link to read and sign a policy document, read a document about a company- wide update or even try to request sensitive information.

Free things are enticing, but they can also be dangerous. If you get an email saying you won a free TV or “click here to enter a prize drawing,” be on high alert!

Hackers are trying to bait you into clicking a malicious link.

Phishers Attack at Many Levels

Everyone is at risk of phishing, no matter where they are in the food chain. Phishers specifically target CEOs and high-level executives with special phishing attacks intended to entice or fool them. These are known as whaling attacks.

Help! I might be getting phished. What should I do?

If you think you have received a phishing email, it’s important to slow down and examine it.

  • First, look at the sender and domain of the email address. 
  • Hover over any links and see where they might direct you to. 
  • Other phishy identifiers might be misspelled words, incorrect dates or odd requests.

If you see anything, email it to The UC Office of Information Security can help you figure out if it’s a phishy email. Whatever you do, do not click on any links, reply to the email or send it to anyone else!

For any questions, contact UC Office of Information Security at