Email Phishing FAQs
No! You will never be asked to provide private information by email including any of your account passwords.
Phishing is a social engineering attempt to obtain personal information such as credit cards, bank accounts, usernames and passwords by masquerading as a user or entity you trust. This is typically performed through an email or instant message requesting you to enter this information in a reply or on a website.
The latest attacks may come either a UI or non-UI address and link to an online form hosted on Google Spreadsheets, MS Office Online, or a number of other sites. They may even include official UI logos to make the message more realistic.
To report a suspicious or unwanted message, instead of adding the full email header, drag and drop the suspicious email into a new email.
Once dragged into the new email, it should appear as an attachment. Please also include whether or not you replied to the suspicious email, clicked any links it contained, or took any action the suspicious email suggested. This will give ITS the information we need for securing your account against subsequent attacks.
The University of Idaho ITS would never ask you to put sensitive information into an email, as it is an insecure transport mechanism. If in doubt, contact your SysAd or TSP if an employee, or the Student Technology Center if a student. No major system change would be implemented without prior notification.