Skip to content

Information Security Office

University Information Technology (UIT)

Main Navigation

“Phishing” is an IT term for a cybercrime in which people try to fool other people into sending them money or revealing personal information online. The name comes from the idea of fishing: Scammers send a message that acts as bait, hoping to “hook” someone. 

The good news is that you have the power to throw these phish back! Let’s take a minute to talk about what you can do to avoid phishing.  

First, be cautious. Remember the old warning about not talking to strangers? It goes double on the internet, since anyone can pretend to be anyone else and an email from an exciting new friend could actually be a trick. 

Second, remember not to share sensitive information through emails. No legitimate organization would ask for personal details, such as your passwords, credit card numbers, and Social Security Number in an email. 

Anatomy of a phish: Common red flags

Some key indicators of a phishing scheme or scam include:

Time stamp

  • It's outside of work hours or late at night

Other recipients

  • You are among a group of people you don't know

Sender

  • The sender isn't someone you know
  • The sender is outside of your organization
  • The sender's email address impersonates someone you know
  • The email address contains a suspicious domain or spelling errors

Greeting

  • It's generic, unusual, or missing

Subject

  • It's a reply to an email you did not send
  • It does not match the message's content
  • It contains spelling, punctuation, or grammar errors

The message

  • It's unexpected
  • It creates a sense of urgency (e.g., "Respond ASAP!")
  • It asks you to do something in order to avoid a negative consequence or to gain something of value
  • It requests personal information
  • It asks you to update or verify an account
  • It contains repeated spelling, punctuation, or grammar errors
  • It gives you an uncomfortable gut feeling

A phishing scheme. Can you spot all the red flags?

The email above is a phishing scheme. Can you spot all the red flags? Select the image to view a larger version.

Attachment(s)

  • You weren't expecting an attachment
  • It's a potentially dangerous file type

Hyperlink(s)

  • It includes misspellings
  • It's displayed with no additional information
  • It's been shortened
  • It indicates a different website when you hover over the text

Signature

  • It's generic, unusual, or missing

CAN YOU SPOT THE RED FLAGS IN THIS PHISH?

A spoof or impersonation of a University of Utah login page. Criminals use pages like this to trick you into entering your credentials. If you look closer, though, you can see it's not a secure university webpage.

The website above spoofs or impersonates a University of Utah login page. Criminals use pages like this to trick you into entering your credentials. If you look closer, though, you can see it's not a secure university webpage. Select the image to view a larger version.

Forged websites

Links in phishing emails often impersonate known, trusted websites but lead to webpages where criminals can steal your credentials or personal information, prompt downloads that are malicious, or launch further attacks.

Before opening a link in an email, hover over it to ensure the URL is accurate — it matches the text and there are no spelling errors. When you open links provided via email, also check the webpage for red flags before entering your credentials or providing any personal information.

In addition to the red flags you'd find in an email, these are the items for websites that should put you on high alert:

  • Spelling/grammar errors in the URL or on the webpage
  • An unknown URL or a URL with a strange domain (e.g., .ie, .ml, .ne, .ru)
  • No lock in the URL field that indicates the page is secure
  • Missing or poorly duplicated images

Resource: 5 ways to identify a phishing website

 

Is that website safe? Check its status.

Phishing tactics

RECENT PHISHING ATTEMPTS

Below are some common tactics that criminals use when phishing University of Utah students, faculty, and staff, and University of Utah Health personnel. These examples are intended to help every U of U user learn how to spot a phish. Use the links to access an overview and example of each tactic (login required). For a list of recent phishing attempts, please visit the Phishing page (login required).

An email with a message that says "job offer."

Job offers 

If you receive a job offer that seems too good to be true, it may be an employment scam. Scammers often target students, offering large amounts of money for little work. 

Example: Employment scam

A stick figure holding a mask up to its face.

Impersonation

Criminals often use email addresses that impersonate the university, maybe even students, colleagues, or professors, and reputable companies. Impersonators might request gift cards, phone numbers, or additional personal information, or offer opportunities to good to be true.

Example: Impersonation scam

A megaphone

Calls to action

Criminals often try to gain access to your university credentials by sending emails that indicate an issue with your password, email, or other online accounts. They may also ask you to log in to make updates. The emails usually include an urgent call to action and contain links to a malicious webpage.

Example: Request to verify account

An email with a message containing a link. Below it, a button that says "click here."

Suspicious links

If you receive a suspicious email with a link, don’t click! Instead hover your mouse over the link text to reveal the real address and see if the URL matches what's in the email.

Example: Suspicious link

An attachment file.

Malicious attachments 

Attackers will email attachments containing malware disguised as harmless Word documents, PDFs, images, etc. The message in the email will try to persuade you to open these attachments, allowing the attackers to steal your information or take control of your devices. The emails will often impersonate university organizations or officials to trick you into opening them.

Example: Malicious attachment

The front and back of two credit, debit, or gift cards.

Requests for money, gift cards, etc.

Criminals will often impersonate university leadership, requesting money, gift cards, or financial or personal information. They may also ask you to log in to a university account, such as CIS, using a provided link that allows them to steal your credentials or infect your devices.

Example: Financial scam

A phone or tablet showing app icons. To the right, a pop-up window with lines that indicate text.

Software/subscription invoices or registrations

Criminals will send emails that say you owe money for software, need to update your software, or you've registered for a subscription product or service. 

Example: Software scam

RECENT PHISHING ATTEMPTS

Report a phish

If you receive a phishing attempt through a university email account, the Information Security Office (ISO) asks that you immediately report it using the Phish Alert Button.

  • Open or select the suspicious message, then select the Phish Alert Button to send it to the ISO for review.
  • If your email client does not have the Phish Alert Button, forward the email as an attachment to phish@utah.edu.
  • For more info on how to report suspicious emails, please visit this IT Knowledge Base article.

After reviewing the suspicious email, the ISO will notify you whether it is a phishing attack. If the message is malicious, the ISO will remove it from your inbox and act as needed to protect users and the university.

If, by accident, you open a questionable link and enter login credentials, immediately go to CIS — https://cis.utah.edu/ — and change your password. In addition, contact the ISO's Security Operations Center at soc@utah.edu to notify information security staff.

If you need additional assistance, please contact your central IT help desk:

  • Main Campus UIT Help Desk: 801-581-4000
  • University of Utah Health ITS Service Desk: 801-587-6000

Report a scam

To make a police report regarding a scam, call the University of Utah Police at 801-585-2677 and ask to speak with an officer. This request will create a call log, which will show the date, time, and nature of your complaint. After speaking with an officer, you will receive instructions on next steps.

Beware of phishing, which is becoming more popular, with these tips.

A middle-aged white man (who we will call the "fisher" from now on) wearing a green fishing vest with many pockets walks through a grove of trees, holding a fishing pole and tackle box. He has short, light brown hair and scruffy facial hair, and wears a red, white, and blue flannel shirt and jeans. He sets the pole and tackle box on the ground and stretches his arms above his head. White text flies up, reading "phish•ing." More white text follows, reading:

"phish•ing /fi-SHiNG/"

"noun"

"Tricking a user into sharing personal information or login credentials by posing as an official source."

0:09: The video transitions to the fisher sitting at a desk with two computer monitors. The monitor on the left shows a document containing a pie chart; the monitor on the right shows a yacht on water. The man rubs his hands together and cracks his knuckles, then begins to type on his keyboard. Near his keyboard, under the monitors, he has Funko Pop statues and comic book figurines. 

0:13: The video transitions back to the fisher in the grove of trees. The video zooms in on the fisher's hands; he holds a small, metal box containing fishing lures. He selects a lure and attaches it to his fishing line. He then walks toward a red block U statue on the University of Utah campus.

0:23: The video moves to a shared work table, where a man and woman huddle over their Apple laptops. The white man has dark, short hair and wears a light-colored button-up shirt and khaki pants; the white woman has long, dark, wavy hair and wears a black dress. She holds a dark folder open in her lap. A woman sits adjacent to them, wearing headphones and using her Apple laptop. She has dark hair pulled into a bun and wears dark glasses and a light-colored hoodie.

0:25: The video transitions back to the fisher, who stands in front of the "Imagine U" side of Marriott Library, casting his fishing line toward the building. He walks through campus again, passing a set of stairs and multiple street lamps. He then casts his line toward a white female student passing by on the sidewalk, which is lined with trees full of leaves. The red block U is behind him on the left. The student — who is wearing a multicolored, short-sleeved shirt with chevron patterns, black pants, and a backpack — shies away.

0:35: The fisher continues casting his line in various places around campus. In one scene, he even pops out beyond a bush to startle a man passing by. The white man is wearing a blue button-down shirt with the sleeves rolled up and jeans. In another scene, the fisher casts his line toward a white male man who is walking his bike on the sidewalk. The cyclist has long light brown or blond hair, and wears red flannel, dark jeans, a red and white hat, and a backpack and carries a light-colored helmet. He ducks from the fishing line.

0:41: In the next scene, the fisher climbs a rock and looks out over the landscape. He then appears to reel in his fishing line, which is taut. Text fades in from the left, reading "You will never receive a threatening or intimidating email from any legitimate University source."

0:48: The video transitions to a man, whose face we cannot see, typing on a black laptop with a U drum and feather sticker and a white sticker in the shape of Alaska. He is wearing a white shirt with a dark graphic, Apple headphones, and a red and white braided bracelet. On the desk, there is a couple of notebooks, and red and blue pens. Light filters in behind him. Text fades in from the left, reading "Never share your uNID and password with anyone."

0:53: The video transitions to a black screen that shows icons and text on the common signs of phishing scams, including the "no" symbol and a tip that reads: "Common Phishing Scams." A pointer moves to reveal the following bullet points: 

  • "Unusual email language, poor spelling or grammar"
  • "The URL doesn't match webpage"

1:02: The video then moves to into an example of a webpage in the Safari browser. The URL reads "www.TAKEALLYOURMONEYANDRUN.org," and the page imitates a University of Utah login screen. A browser tab in the background reads, "Funny Cats — YouTube." The video zooms in on the URL, which is highlighted with a white overlay while the rest of the screen is darkened by a black overlay.

1:05: The video returns to the bullet point list of common phishing scams. The next item reads, "When hovering over link, it doesn't match the promised content."

1:08: The screen transitions to an email client, which shows an example of an email. Highlighted is a link that reads, "here" but shows a URL to "http://takeallyourmoneyandrun.org."

1:11: The video transitions into a library, where an Asian man sits at a desk with his hands on the keyboard of the laptop open in front of him. He is wearing a checkered button-down shirt with the sleeves pushed up and a pair of glasses. His hair is black and a bit long around the ears, forehead, and back of the neck. A backpack or messenger bag is on the table next to his laptop, and a chair is open to his left. In the background, light filters in from large windows and two stacks/shelves hold numerous books.

1:15: The video zooms in on the Asian man and his laptop. On the screen, text reads "Guard your uNID and password like your Social Security number." Then video transitions into a montage of shots of people using open laptops. The first image shows a desk with an open laptop, which has multiple windows open. White hands barely touch the edge of the keyboard. Text fades in that reads "Change your password often."  The second image shows a white man using the touch pad on his laptop to scroll. We only see his hands and the sleeves of his button-down shirt, which is white checkered with dark lines. The third image shows a white woman using a silver laptop. She faces us so we cannot see what is on the screen. She has long, brown hair and wears a dark T-shirt. To her right, another white person, who appears to be a woman, types on a laptop. This person is wearing a gray sweatshirt or hoodie. Text fades in that reads "Change your password and call the Campus Help Desk immediately." A phone number reading "801-581-4000" fades in.

1:25: The video transitions back to an outdoor space on campus with grass and trees. A man in a light blue-green shirt and dark pants walks left past our view. Another man, somewhat balding, walks right past our view. He wears a dark blue or black shirt with short sleeves and a collar, and jeans. The fisher is in the background, waving his fishing line.

1:29: The video returns to the fisher's desk, with a close-up on the Funko pop and comic book figurines. The figurines include Superman and a shark, but it's not clear which characters the others represent. The video zooms out so we can see the fisher sitting at the desk. He makes a fist with his right hand and pulls it downward in a motion that represents cha-ching, yes, score, gotcha, or a similar celebration. He throws his head back and laughs. 

1:32: The screen goes black. The University Information Technology (UIT) logo (white text with a red Block U) and white text reading "it.utah.edu/" fade in, with the word "security" added shortly after to the end of the URL so it reads "it.utah.edu/security."

1:37: The screen changes to a white background with a gray gradient at the bottom that shows a mirror image of the red and black Imagine U logo in the center of the screen.

Phishing is becoming more and more popular. 

We're talking about phishing with a "ph." Not the river-runs-through-it kind. 

It's about cyber scammers, con artists, and thieves. Every day they're baiting and hooking personal information and gutting bank accounts. It's happening all around the nation and right here at the U. 

Faculty, staff, and students are all vulnerable, and attacks are becoming more targeted. 

Because some university personal information is readily available, scammers are often using it, along with emotional responses, to get you to act. 

It's important to stay vigilant and know thieves are trying to land the big one. 

You will never receive a threatening or intimidating email from any legitimate university source. 

Don't take the bait. Never share your uNID and password with anyone. And look for the signs that are common in phishing scams. Things like:

  • unusual email language or spelling or grammar
  • the URL doesn't match the webpage
  • when hovering over a link, it doesn't match the promised content 

Here's what to do to stay protected:

  • Guard your uNID and password like your Social Security number
  • Change your passwords often
  • Lock your screens when not in use or when you leave your desk

If you've been hooked, call the Campus Help Desk (801-581-4000, option 1) immediately. 

Trust your gut. If it smells fishy, it probably is. 

For more information, visit it.utah.edu.

CAN YOU SPOT WHEN YOU’RE BEING PHISHED? TAKE GOOGLE'S interactive QUIZ.

Social engineering

Social engineering is the practice of trying to trick or manipulate people into breaking normal security procedures. In general, the principle behind social engineering, phishing, and scams is that people are the weak link in security — it can be easier to trick people than to hack into computing systems by force.

Social engineers exploit people’s natural tendencies to trust and help others. They also take advantage of our tendency to act quickly when faced with a crisis. Phishing is a form of social engineering.

Other types of phishing

Phishing can extend beyond scams sent via email. Criminals also use phishing tactics and social engineering in text messages (smishing) and phone calls (vishing).

Vishing (voice phishing)

In voice phishing, the phisher calls someone and asks them to provide sensitive personal details or dial a number, according to KnowBe4. The purpose is to steal personal or bank account information through the phone. Vishing is mostly done with a fake caller ID.

Smishing (SMS phishing)

Smishing is phishing conducted via short message service (SMS), a telephone-based text messaging service, according to KnowBe4. A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.

Resources

Last Updated: 3/25/24