The practice of trying to trick or manipulate people into breaking normal security procedures is called social engineering. The principle behind social engineering and scams in general is that people are the weak link in security — it can be easier to trick people than to hack into computing systems by force.
Social engineers exploit people’s natural tendencies to trust and help others. They also take advantage of our tendency to act quickly when faced with a crisis. The scams described on this page are all classic examples of social engineering.
Phishing is a scam designed to steal information or passwords, compromise computers, or trick you out of money — typically via deceptive emails, texts, posts on social networking sites, pop-ups or phone calls. Phishers may ask for your name, account information, date of birth, Social Security number, address, etc.
They may also try to get you to click on a link or open a file. Hover over any links to see specifically where you are being directed. If it's not legit, don't click.
- “There’s a problem with your account” — trying to trick you into sending your password or clicking on a link to fix a problem
- Phony security alerts — email, pop-ups, or Facebook notifications warning that your computer is at risk of being infected, typically with a link to click
- Phony computer support — see example below
- Money phishing — trying to trick you out of money or bank/credit card account info, often by pretending to be someone from another country who needs assistance accessing a large sum of money, a friend stuck in another country without any money, or an IRS agent claiming that you owe taxes and must pay immediately over the phone
The University of Utah and other reputable organizations will never email you for your password, Social Security number, or any confidential or personal information.
Learn more about various phishing schemes and how to avoid them.
If you cannot tell whether an email is legitimate, please forward it to email@example.com or call your respective help desk:
- Campus Help Desk: 801-581-4000, option 1
- Hospital Service Desk: 801-587-6000
OF A SCAM
Scams commonly use email, the internet, or the telephone to trick people into revealing sensitive information or doing something that is against policy.
- Requests for personal or private information, such as your password, financial account information, Social Security number, or money.
- Unexpected/unsolicited emails with links or attachments.
- Scare tactics or threats stressing that, if you don't act quickly, something bad will happen.
- Promises of something too good to be true. This includes bargains, “great offers,” or links to claim an award or reward.
- Requests that you forward emails, attachments, links, etc., to your friends, co-workers, or family.
Indicators that an email isn’t legitimate:
- It’s not addressed to you, specifically, by name.
- Its sender isn’t specified, isn’t someone you know, or doesn’t match the “from” address.
- It includes spelling or grammatical errors.
- It includes a link that doesn’t match where the email states the link will take you.
- It includes a link to pictures or videos from people you don’t personally know.
- It includes a link or attachment to view an unexpected e-card or track an unknown package.
- It includes an attachment with an incorrect or suspicious filename, or a suspicious file extension (e.g., *.zip, *.exe, *.vbs, *.bin, *.com, *.pif, *.zzx).
Impersonation: Attackers pose as someone in authority, or an IT representative, in order to obtain information or direct access to systems. Attackers may research the target so they know enough to persuade you to trust them. Examples include:
- An IRS scam that targets students.
- The “Microsoft computer support” scam. Someone supposedly from the Microsoft or Windows Support Center calls to tell you there's a problem with your computer or that someone's trying to hack in. These scammers usually have you run some simple commands, then ask you to install something that will allow them to “fix the problem.” They might also send you an attachment or a link, or just read you a URL. Following the instructions will give them full access to your computer.
Ransomware: Scams that lock your computer and demand you pay money to unlock it. Examples include:
- A pop-up that tells you there is a problem with your computer. The pop-up offers you free or cheap antivirus software to fix the problem. After you install the fake antivirus program, it locks your computer and you have to pay to unlock it.
- A pop-up that prompts you to sign in with your Windows account or email in order for “Windows” to fix the problem. After you sign in, the program locks your browser. To unlock it, you must buy antivirus software for $200 or $300. This is a double-whammy because you also give the attacker your credit card information.