Tower

Email Security Awareness - Phishing

Phishing (pronounced "fishing") is a process by which someone tries obtain your private information using deceptive means, usually by sending an email that appears to come from a business, bank, school, or other organization you trust. The email may included a link that takes you to a counterfeit web site that very closely resembles a trusted web site where they ask for your password, social security number, account number, drivers license number or other personal information that can be used to steal your identity. Another method used most recently by phishers is to lure you to reply to a fake email with your private information.

Protective Measures -- Don't get hooked
Learn to recognize phishing, they often...
  • attempt to build credibility by spoofing a real company or university
  • create a false urgency requring a quick response - account will be closed
  • insist on a call to action - click a link or reply with information
Use common sense when giving out personal information
  • be suspicious by default
  • check the email for fake web links or fake web addresses
  • never give out account or personal information by email
  • remember, UF will never ask you for your password
Verify the information reported in the e-mail
  • if in doubt, call customer support or, in the case of UF email, call the UF Computing Helpdesk at 392-HELP to validate the message

Anatomy of a Phish -- "Phish Guts!"

Report Phishing at UF -- show us the headers

If you receive a phishing message that targets you as a UF staff, faculty, or student, you should check the UF IT Security Advisories web page to determine if we are already aware of that particular phishing attack. You can report phishing attacks by forwarding the original phishing message, with full message headers, to abuse@ufl.edu.

It is important to send not just the body of the phishing message but the original message headers as well. The email message headers provide routing information that helps us determine the source of the phishing email and gives us the opportunity to block any potential replies to the message. For details on how to find the original message headers using your own mail problem see, Reporting Email Abuse.


Additional Resources

UF IT Security

Protect Yourself

Acceptable Use Policy, Copyright, ID Theft, Phishing, Laptop Security, Passwords, Virus Protection, Stay Updated, E-mail Safety, Firewalls, Spyware/Adware, Web Surfing Safety, Clean Up Checklist, More...

UF IT Workers

Orientation, Policies/Standards, Network Scanning, Security Tickets, Incident Response, IT Training, Self-Serve Vulnerability Scan, More...

Advisories

About Us

Events, Contact Info, Background and Bios, Publications & Presentations, Press, Mission Statement

Network Services

Subnet Managers List, Network Information, Provided Services, Infrastructure

Report an Incident

Policies

Other Resources

UF Privacy Office, HSC SPICE Program, UF Bridges Security FAQ, Recent Security Incidents at Universities