What is phishing?

Phishing Scams

Phishing scams use a technique called social engineering to trick you into giving out your personal data or running a program. Disguised as someone you trust, cyber criminals will try to get you to click on a link under the guise of account verification or password expiration. Often these messages are marked “Urgent” and contain links to sites that are false, and designed to steal your information or hack your computer. Be wary of messages that seem too good to be true. You won the lottery! Or did you?

Request security assistance

Helpful tips on identifying phishing emails

  1. Check the URL
  2. Make sure you know the sender
  3. Don't click on anything unexpected
  4. Only use your UI password for UI sites
  5. Check your online accounts and banks regularly
  6. What if I already responded?

Check the URL before clicking a link

In VandalMail, you can hover your mouse over a link before clicking on it to reveal its destination address. On your mobile device, press and hold on the link to reveal its URL. Is the address different than what you expected? Is it garbled or incoherent? Does it claim to be from the university, but is something other than www.uidaho.edu? It might be a fake.

Make sure the sender is someone you know and trust

Also, who else was it sent to? If you don’t recognize the other recipients, you and the others listed may have been the target of a mass phishing attack. Cyber criminals often attempt to mass phish users in hope that some will bite.

Don't click unexpected links or open unexpected attachments

Be wary of attachments that have strange file names and extensions. FunnyCatPhotos.exe is tempting, but not at all what you think it is. If you are unsure about an attachment, make sure to scan it with an anti-virus program before opening.

Only use your UI password on uidaho.edu sites

Your NetID is used to authenticate with UI service portals, but not anywhere else. Before you enter your password, check the URL, and make sure that the page is using SSL encryption by using "https://" instead of "http://". Don't re-use your UI password for other sites that could easily be compromised, either.

Check your online and bank accounts regularly

Check your online accounts and banking regularly to be sure no unauthorized transactions have occurred.

What if I have already responded to a phishing attempt?

Unsure about a website or email? As an employee, contact your Department System Administrator or Regional TSP for confirmation. As a student, contact the Student Technology Center. If you have received a phishing email, help us improve our filters by reporting it to abuse@uidaho.edu.

If you respond to a phishing email with personal information (such as your password), change it immediately and notify ITS Security at security@uidaho.edu. ITS will work with you to re-enable your account.