Phishing FAQs and Guidance

Phishing is when someone pretends to be a legitimate organization or individual and contacts you electronically or by phone in an attempt to trick you into divulging private or sensitive information. ITS encourages faculty, staff, and students to use the report button in Outlook if they receive a phishing message in Outlook. This action will automatically remove the message from their inbox and alert Information Technology Services of the threat.

Below are frequently asked questions about using the report button and responding to a threat:

Do not click any links or pictures, respond to the email, or open any attachments. The act of opening an email message alone typically does not pose a threat.

If the message is requesting that you to take job related action (e.g. fulfill training requirement, reset your password), use your critical thinking skills. Here are some safe ways to figure out if you should act on the request:

Use published/verified contact information to communicate directly with the University department that supposedly sent you the email without directly replying to the email in question. Explain that you received an email requiring you to act and ask for clarity if you have any existing obligations with that department. Do not forward the email directly to anyone.

Open a browser and navigate to the “sender” department’s website. Log into their portal(s) directly to determine if any action is required.

Ask a colleague if they know anything about the requirement. Do not reshare the email in question, however.

If the message is not a request related to your job (meaning you perceive no consequences to inaction), simply do nothing. Confident reporting improves UConn’s response to phishing, but if you are unsure and are worried to make the wrong judgement call, the next best thing is to do nothing (neither engage with the email nor report it).

Note the difference between “spam” and “scam.” If you are receiving unwanted emails from a legitimate service, ask yourself “did I sign up for this?” If the answer is yes, unsubscribe. Otherwise, you can report spam as well using Outlook’s report button.

Further risk to you and your account exists if you 1) clicked a link/picture 2) entered credentials/filled out a form, 3) opened an attachment, and/or 4) replied to the attacker (by any means).

If you shared your password, for example, by entering your credentials into a scam website, update your password. Your NetID password can be updated at http://netid.uconn.edu . you should also make sure no Duo devices were added to your account.

You should notify the Technology Support Center if you believe your NetID password was shared with the attacker. The TSC will route your concern to the appropriate teams who may further investigate the issue and mitigate any possible threats to University accounts or the network.

If you believe you have been defrauded or endured any personal harm, please report your concern to the UConn Police or your local police.

The message likely still exists in your deleted folder. Navigate to your deleted folder and search for the message.

Related Articles