Email Phishing FAQ

Request security assistance

Will Information Technology Services ever ask for a password?

No! You will never be asked to provide private information by email including any of your account passwords.

What is Phishing?

Phishing is a social engineering attempt to obtain personal information such as credit cards, bank accounts, usernames and passwords by masquerading as a user or entity you trust. This is typically performed through an email or instant message requesting you to enter this information in a reply or on a website.

What does a Phishing message look like?

Often a phishing message is an urgent call to action, inciting panic by claiming account issues, deadlines, or compromised security. The latest attacks may come either a UI or non-UI address and link to an online form hosted on Google Spreadsheets, MS Office Online, or a number of other sites. They may even include official UI logos to make the message more realistic. Messages may impersonate a Dean, supervisor, or colleague, and may even include their name and phone number in the message signature. Check the sender's email address before replying.

I received a phishing message - how can I report it?

To report a phishing message, please use the "Report Phish" button (pictured below) in the Outlook email client or web-based OWA. A step by step guide for the Report Message button can be found at

Report Phish button
Fig 1: Report Phish Button

Alternatively, if you use an email client other than Outlook, please draft a new email to  and either "drag and drop" the suspicious email, or include it as an attachment.

How do I know a message from OIT is legitimate?

The University of Idaho OIT would never ask you to put sensitive information into an email, as it is an insecure transport mechanism. If in doubt, contact your Local Support or TSP if an employee, or the Student Technology Center if a student.

I fear my account has been compromised or my password is not secure enough. How do I change my password?

You can change your password either over the phone or in person or follow our online password reset tutorial. If you suspect your account has been compromised or used by another user, report this to and your TSP, SysAd or the STC and change your passwords immediately.

Print Article


Article ID: 192
Tue 12/12/17 2:34 PM
Tue 5/14/24 11:34 AM

Related Articles (12)

Further protect yourself and our campus with additional security training on using email on mobile devices, avoiding dangerous links, and more.
This article describes how to properly report a phishing message.
Learn how to set the password on your account. To follow these directions you need to know your username, password and setup your security profile.
Affiliates can reset their password if they have a Security Profile with 3 questions and 1 personal email address set up. If you do not have a security profile and have forgotten your password, please contact OIT.
Setting up a security profile with a minimum of 3 questions and 1 contact enables the reset of a forgotton or compromised password.
What to do about spam. Some people and business indiscriminately send large amounts of unsolicited commercial email (UCE). In recent years, spam content has expanded to include offensive advertising, malicious content and computer viruses.
Information about and helpful tips on identifying phishing emails.
This article describes a UI employee's options for mass mailing.
This article explains the why and how for implementing different security measures for your account and computer.