Phishing is the attempt to obtain sensitive information such as usernames, passwords, social security numbers, and financial information, often for malicious reasons. By leveraging public information, such as email addresses from the University Phonebook, these message can appear legitimate.
Although the University’s threat prevention service reduces the threat to our community, it cannot eradicate all phishing. The best way to avoid being a victim of a phishing scam is to not fall for it.
How to Detect and Handle Phishing Messages
Step 1: Identify the message as a phishing scam.
Some red flags include:
- Urgent requests. Phishing attacks attempt to induce panic in the receiver and cause the person to act before investigating the authenticity of the request.
- Bad spelling or grammar. Phishing messages are notorious for containing misspelled words or poor grammar.
- Mismatched email address information. Make sure the email address displayed in the From: field matches address listed in behind mailto:.
- Generic signature line. A university message is typically signed by a university official, whose name you can verify, and have credible contact information.
- Unexpected requests regarding personal information. Be extremely wary of following links or answering questions from contacts you did not initiate.
Security Service Update
UConn has enabled Advance Threat Protection (ATP) on all University email services. ATP provides protection against malicious links and unsafe attachments.
- Links: All URLs are rewritten through Office 365. If a link is safe, you will still go to the intended location. If a link is unsafe, you will see a warning message.
- Attachments: All attachments are scanned for malware and access to attachments considered unsafe will be blocked.
Before implementing this service, ITS would advise you to hover over links and attachments and ensure that the link and address matched. With this service, all links are rewritten in Office 365 and will not match the URL displayed in the message.
Step 2: Report and delete
If you suspect that the email is a phishing message, forward it to reportphishing@uconn.edu. Then delete the message from your inbox.
What to Do if You Click on the Links in a Phishing Message
- Change your NetID password immediately.