Skip to content

Email and Communication Security

How can I identify a phishing email?

Phishing emails and scams targeting university staff can be deceptive but are identifiable with these signs, as illustrated in the "Don’t Get Hooked" infographic:

Phishing Attempt

  • Suspicious Sender: Look for unusual email addresses (e.g., support@amazon-customer-center.com instead of the official amazon.com domain).
  • Urgent or Threatening Language: Be wary of messages demanding immediate action, such as “URGENT: Action Required for Your Amazon Package [#A29875431],” claiming your package will be returned if not acted upon within 24 hours.
  • Spelling or Grammar Errors: Check for inconsistencies that legitimate university emails typically avoid.
  • Suspicious Links: Hover over links (e.g., http://amazon-customer-center.com/tracking.php) without clicking to verify they don’t match the claimed source. If the URL starts with https://urldefence.com, then the email system has rewritten the URL for security purposes.
  • Requests for Sensitive Information: Avoid clicking links or verifying order details through unsolicited emails, as these are tactics to steal credentials.
  • Unusual Attachments: Do not download attachments unless you are certain of their legitimacy.

If you suspect a phishing attempt, use the “Report Phish” button in Outlook to notify the appropriate team.

How to report a phishing email via Microsoft Outlook?

The report phishing button in Microsoft Outlook allows the UFS community to quickly report suspicious emails to their organization’s security team for analysis.

Reporting phishing emails helps protect both individual users and UFS from cyber threats.

If you have opened what you believe to be a suspicious email, do not click on any further links, open document attachments, or forward that email to anyone else.

The “Report Phish” option in Microsoft Outlook can be used to report a suspicious email by following these steps:

  1. Locate and click the “Report Phish” button on your Outlook taskbar.
  2. Once your message has been received and analyzed by the security team, you will receive a feedback email noting, among other things:
    • the reported email risk classification
    • suggested actions
    • actions automatically enforced

How do I verify an email is from a legitimate source?

If you are unsure whether an email is valid, take these precautions:

  • Report Suspicious Emails: If doubts persist, click the “Report Phish” button in Outlook to flag the email for review.
What are the risks of clicking links or downloading attachments in emails?

Clicking links or downloading attachments in emails can expose you to significant risks, including:

  • Malware Installation: Links or attachments may install malicious software that steals data or damages your device
  • Fake Login Pages: Clicking links can redirect you to fraudulent sites designed to capture your credentials.
  • Ransomware: Attachments might trigger ransomware that encrypts your files and demands payment for access.
  • Data Breach: These actions can compromise sensitive university information, spreading threats across systems.

Avoid interacting with unsolicited links or attachments unless you verify the email’s legitimacy to protect yourself and the university.

What is Vishing and how can I protect myself?

Vishing

What is a TOAD attack?

TOAD Attack