Anatomy of a phish: Common red flags
Below are some common tactics that criminals use when phishing University of Utah students, faculty, and staff, and University of Utah Health personnel. These examples are intended to help every U of U user learn how to spot a phish. Use the links to access an overview and example of each tactic (login required). For a list of recent phishing attempts, please visit the Phishing page (login required).
Report a phish
If you receive a phishing attempt through a university email account, the Information Security Office (ISO) asks that you immediately report it using the Phish Alert Button.
- Open or select the suspicious message, then select the Phish Alert Button to send it to the ISO for review.
- If your email client does not have the Phish Alert Button, forward the email as an attachment to email@example.com.
- For more info on how to report suspicious emails, please visit this IT Knowledge Base article.
After reviewing the suspicious email, the ISO will notify you whether it is a phishing attack. If the message is malicious, the ISO will remove it from your inbox and act as needed to protect users and the university.
If, by accident, you open a questionable link and enter login credentials, immediately go to CIS — https://cis.utah.edu/ — and change your password. In addition, contact the ISO's Security Operations Center at firstname.lastname@example.org to notify information security staff.
If you need additional assistance, please contact your central IT help desk:
- Main Campus UIT Help Desk: 801-581-4000
- University of Utah Health ITS Service Desk: 801-587-6000
Report a scam
To make a police report regarding a scam, call the University of Utah Police at 801-585-2677 and ask to speak with an officer. This request will create a call log, which will show the date, time, and nature of your complaint. After speaking with an officer, you will receive instructions on next steps.