Email Phishing FAQ

Request security assistance

Will Information Technology Services ever ask for a password?

No! You will never be asked to provide private information by email including any of your account passwords.

What is Phishing?

Phishing is a social engineering attempt to obtain personal information such as credit cards, bank accounts, usernames and passwords by masquerading as a user or entity you trust. This is typically performed through an email or instant message requesting you to enter this information in a reply or on a website.

What does a Phishing message look like?

Often a phishing message is an urgent call to action, inciting panic by claiming account issues, deadlines, or compromised security. The latest attacks may come either a UI or non-UI address and link to an online form hosted on Google Spreadsheets, MS Office Online, or a number of other sites. They may even include official UI logos to make the message more realistic. Messages may impersonate a Dean, supervisor, or colleague, and may even include their name and phone number in the message signature. Check the sender's email address before replying.

I received a phishing message - how can I report it?

To report a phishing message, please use the "Report Phish" button (pictured below) in the Outlook email client or web-based OWA. A step by step guide for the Report Message button can be found at

Report Phish button
Fig 1: Report Phish Button

Alternatively, if you use an email client other than Outlook, please draft a new email to  and either "drag and drop" the suspicious email, or include it as an attachment.

How do I know a message from ITS is legitimate?

The University of Idaho ITS would never ask you to put sensitive information into an email, as it is an insecure transport mechanism. If in doubt, contact your Local Support or TSP if an employee, or the Student Technology Center if a student.

I fear my account has been compromised or my password is not secure enough. How do I change my password?

You can change your password either over the phone or in person or follow our online password reset tutorial. If you suspect your account has been compromised or used by another user, report this to and your TSP, SysAd or the STC and change your passwords immediately.