What to Do If You Receive a Phishing Attempt
IDENTIFY and REACT to a phishing attempt in a way that protects yourself and your colleagues.
Email scams (known as phishing) are a common method to trick you into revealing information, sometimes seemingly innocent data like your name and address, for malicious and fraudulent purposes. Phishing attacks can come via email, text, websites or phone. They target personal or institutional information such as financial data, student records, or tax records. Higher education institutions are popular targets for these scams.
Here’s how to quickly spot an email phish. Sometimes an email message just doesn't look right. Go with your gut - report no matter what!
The email message will often...
- Ask you for personal information.
- Contain poor spelling and grammar.
- Include threats or dire consequences if you don't act quickly.
- Seem too good to be true.
- Ask you to send money.
- Ask you to open an attachment or shared a document you may or may not be expecting.
- Ask to bypass policy/procedures.
- Ask you not to tell anyone.
- Look like it comes from a legitimate source.
Here’s how you can help yourself and others.
- DO NOT respond directly to a phishing attempt.
- DO REPORT an email phishing attempt immediately to ITS and Google by following these steps:
- Report to ITS: Copy the entire message including full headers and email that information to the ITS security team at firstname.lastname@example.org. Full headers provide information about the path the message took to get to you. Headers are a critical resource in determining the origin of a phishing email. ITS needs full headers to investigate the phish. Instructions on finding headers for a message.
- Report to Google: In Gmail, open the message, click the Down arrow (next to the Reply button), and then click Report phishing.
Share and socialize the scam. Email phishing generally targets large numbers of people at once. The faster you tell people, the quicker ITS can respond and the safer your colleagues will be.
For more information see http://its.ucsc.edu/security/scams.html#phishing
More details on how to report a security incident: http://its.ucsc.edu/security/report.html