Report Phishing Attempts!

May 30, 2018

reportWhat to Do If You Receive a Phish


Email scams (known as phishing) are a common method to trick you into revealing information, sometimes seemingly innocent data like your name and address, for malicious and fraudulent purposes. Phishing attacks can come via email, text, websites or phone. They target personal or institutional information such as financial data, student records, or tax records. Higher education institutions are popular targets for these scams.


Here’s how to quickly spot an email phish. Sometimes an email message just doesn't look right. Go with your gut - report no matter what!

The email message will often...

  • Ask you for personal information.
  • Contain poor spelling and grammar.
  • Include threats or dire consequences if you don't act quickly.
  • Seem too good to be true.
  • Ask you to send money.
  • Ask you to open an attachment or shared a document you may or may not be expecting.
  • Ask to bypass policy/procedures.
  • Ask you not to tell anyone.
  • Look like it comes from a legitimate source.


  • DO NOT respond directly to a phishing attempt. 
  • After you report the phish, DELETE it!


  • Report to ITS: Copy the entire message including full headers and send to Full headers are a critical resource in determining the origin of a phishing email. ITS needs full headers to investigate the phish. Instructions for full headers.
  • Report to Google: If you are using the UCSC Gmail web interface, open the message, click the Down arrow (next to the Reply button), and then click Report phishing.

Email phishing generally targets large numbers of people at once. The faster you tell people, the quicker ITS can respond and the safer your colleagues will be.

For more information see