What is phishing?

Phishing Scams

Phishing scams use a technique called social engineering to trick you into giving out your personal data or running a program. Disguised as someone you trust, cyber criminals will try to get you to click on a link under the guise of account verification or password expiration. Often these messages are marked “Urgent” and contain links to sites that are false, and designed to steal your information or hack your computer. Be wary of messages that seem too good to be true. You won the lottery! Or did you?

Request security assistance

Helpful tips on identifying phishing emails

  1. Check the URL
  2. Make sure you know the sender
  3. Don't click on anything unexpected
  4. Only use your UI password for UI sites
  5. Check your online accounts and banks regularly
  6. How can I report a message for analysis?
  7. What if I already responded?

Check the URL before clicking a link

In VandalMail, you can hover your mouse over a link before clicking on it to reveal its destination address. On your mobile device, press and hold on the link to reveal its URL. Is the address different than what you expected? Is it garbled or incoherent? Does it claim to be from the university, but is something other than www.uidaho.edu? It might be a fake.

Make sure the sender is someone you know and trust

Also, who else was it sent to? If you don’t recognize the other recipients, you and the others listed may have been the target of a mass phishing attack. Cyber criminals often attempt to mass phish users in hope that some will bite.

Don't click unexpected links or open unexpected attachments

Be wary of attachments that have strange file names and extensions. FunnyCatPhotos.exe is tempting, but not at all what you think it is. If you are unsure about an attachment, make sure to scan it with an anti-virus program before opening.

Only use your UI password on uidaho.edu sites

Your NetID is used to authenticate with UI service portals, but not anywhere else. Before you enter your password, check the URL, and make sure that the page is using SSL encryption by using "https://" instead of "http://". Don't re-use your UI password for other sites that could easily be compromised, either.

Check your online and bank accounts regularly

Check your online accounts and banking regularly to be sure no unauthorized transactions have occurred.

How do I report a message for analysis?

Unsure about a website or email? Report it to ITS Security for analysis using the Report Phish button or by sending as an attachment to abuse@uidaho.edu. See How do I report a phishing message? for instructions.

What if I have already responded to a phishing attempt?

If you clicked on a link in a phishing message or responded to the email with personal information (such as your password or photos of a gift card), change your password immediately and notify ITS Security at security@uidaho.edu. ITS will work with you to remediate your account and determine if unauthorized access occurred.