Cybercriminals are clever, and they want your information. Phishing scams use a technique called ‘social engineering’ to trick you into giving out your personal data or running a program. While disguised as someone you trust, cyber criminals will try to get you to click on a link to verify your account, or update your ‘expiring’ password. Often these messages are marked “Urgent” and contain links to sites that are false, and designed to steal your information or hack your computer. Be wary of messages that seem too good to be true. You won the lottery! Or did you?
Helpful tips on identifying phishing emails
In VandalMail, you can hover your mouse over a link before clicking on it to reveal its destination address. On your mobile device, press and hold on the link to reveal its URL. Is the address different than what you expected? Is it garbled or incoherent? Does it claim to be from the university, but is something other than uidaho.edu? It might be a fake.
Also, who else was it sent to? If you don’t recognize the other recipients, you and the others listed may have been the target of a mass phishing attack. Cyber criminals often attempt to mass phish users in hope that some will bite.
Be wary of attachments that have strange file names and extensions. FunnyCatPhotos.exe is tempting, but not at all what you think it is. If you are unsure about an attachment, make sure to scan it with an anti-virus program before opening.
Your NetID is used to authenticate with UI service portals, but not anywhere else. Before you enter your password, check the URL, and make sure that the page is using SSL encryption by using "https://" instead of "http://"
Check your online accounts and banking regularly to be sure no unauthorized transactions have occurred.
What if I have already responded to a phishing attempt?
Unsure about a website or email? As an employee, contact your Department System Administrator or Regional TSP for confirmation. As a student, contact the Student Technology Center. If you have received a phishing email, help us improve our filters by reporting it to email@example.com.
If you respond to a phishing email with your password, change it immediately and notify ITS Security at firstname.lastname@example.org. ITS will work with you to re-enable your account.