Detect and Protect Yourself from Phishing

This article provides guidance on how to identify phishing messages and protect yourself from scams.

If you believe you have received a phishing email, report it.

Phishing Overview

Phishing is the attempt to obtain sensitive information such as usernames, passwords, social security numbers, and financial information, often for malicious reasons. By leveraging public information, such as email addresses from the University Phonebook, these messages can appear legitimate. Although the University’s spam mail filters and security processes reduce the threat to our community, they cannot eradicate all phishing. The best way to avoid being a victim of a phishing scam is to not fall for it. Below is information about how to detect and handle phishing messages.

Smishing, a prevalent variant of phishing, is carried out via fraudulent text messages sent to your number or through messaging apps. If you have received a text from an unknown number that seems strange, asks for personal information, or contains suspicious links, do not respond. Report and block the number. Note: If you think the number may be legitimate, confirm the identity by calling a trusted source, not the unknown number.

Common examples of phishing emails may include (fake) employment opportunities, account deactivation, and lottery or prize scams. For more information on the types of phishing, see Stay Out of the Phish Bowl. To protect yourself from phishing attempts, be on the lookout for some of these red flags:

  • Urgent requests. Phishing attacks attempt to induce panic in the receiver and cause the person to act before investigating the authenticity of the request.

  • Bad spelling or grammar. Phishing messages are notorious for containing misspelled words or poor grammar.

  • Mismatched email address information. Make sure the email address displayed in the From: field matches the address listed behind mailto:.

  • Generic signature line. A university message is typically signed by a university official whose name you can verify, and it includes credible contact information.

  • Unexpected requests regarding personal information. Be extremely wary of following links or answering questions from contacts you did not initiate.

 

Figure: Example of a phishing email (that has been moved to spam), with red arrows pointing to concerning parts.

Always inspect links and attachments before you click on them. Links can direct you to spoofed web pages or download harmful files on your system. If the message contains any of the red flags listed above, do not click the link or download the message. Confirm the legitimacy of a message by calling the company or organization.

UConn has enabled Advanced Threat Protection (ATP) on all University email services. ATP provides protection against malicious links and unsafe attachments. However, continue to exercise caution and do not click on suspicious links. Remember that no detection method can provide complete protection.

  • Safe Links: All URLs are rewritten through Office 365 and appear as https://na01.safelinks.protection.outlook.com/... . If a link is safe, you will still go to the intended location. If a link is unsafe, you will see a warning message.

  • Attachments: All attachments are scanned for malware and access to attachments considered unsafe will be blocked.
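
Because every link in a message shows the same Safe Links host once it has been rewritten, inspecting a link means recovering the address behind the wrapper. The following is an added example, not UConn or Microsoft code: it unwraps rewritten links in an HTML message body and flags links whose visible text names a different host than the real destination. It assumes the wrapper carries the original address in its `url` query parameter; the function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: wrapped links live under this host suffix and carry the
# original address, percent-encoded, in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"

def unwrap_safelink(href):
    """Return the original destination of a Safe Links URL, else href unchanged."""
    parts = urlsplit(href)
    if (parts.hostname or "").lower().endswith(SAFELINKS_SUFFIX):
        target = parse_qs(parts.query).get("url")
        if target:
            return target[0]  # parse_qs has already percent-decoded it
    return href

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def inspect_links(html):
    """Return (text, real_destination, mismatch) for each link in an HTML body."""
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        dest = unwrap_safelink(href)
        dest_host = (urlsplit(dest).hostname or "").lower()
        shown_host = ""
        if "." in text and " " not in text:  # text itself looks like a URL or host
            shown = text if "://" in text else "//" + text
            shown_host = (urlsplit(shown).hostname or "").lower()
        report.append((text, dest, bool(shown_host) and shown_host != dest_host))
    return report

# Constructed sample message body (reserved example domains).
SAMPLE = ('<a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2F'
          'login.example.net%2Freset&amp;reserved=0">netid.example.edu</a> '
          '<a href="https://help.example.edu/">Click here</a>')
```

A link whose text is ordinary wording such as "Click here" is never flagged as a mismatch, so the recovered destination still has to be read and judged against the red flags above.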

The information above provides a general approach to identifying and handling a suspected phishing email. For more specific information about securing a compromised NetID, Google Apps, or Office 365 account, see Handling Your Compromised Account. 

Managing Clicked Phishing Links

If you have accidentally clicked on a link in a phishing email or given personal account login credentials or other information, you should immediately take the following steps:

  1. Change your password directly through the company or organization's official website. For extra certainty, type the address into your web browser directly. UConn community users (i.e., students, faculty, staff, etc.) can change their NetID password on the NetID website.

  2. Review account statements and activity. ITS also regularly monitors for suspicious activities associated with phishing attacks.

  3. Run a virus scan on your computer to detect and remove any potentially harmful software downloaded on your system after clicking on a link.

For more information or assistance in determining the validity of any request you receive in an email, contact the Technology Support Center at (860) 486-4357 or techsupport@uconn.edu.

Reporting Phishing Messages

You can report any spam or phishing messages by forwarding the email to reportphishing@uconn.edu. 

For more information about reporting suspected phishing emails, see Reporting Spam and Phishing Messages.
