What is phishing?
Phishing is an attack in which a scammer sends fraudulent emails or text messages, or directs users to a copycat website, in order to steal valuable personal information such as account numbers, Social Security numbers, or login IDs and passwords.
Phishing emails are often designed to look like official communication from banks, eBay, Amazon, or other organizations, including UCF. These messages typically contain a call to action, such as a threat that an account will be disabled unless the recipient responds, or an urgent message regarding a payment issue.
In addition to email and website phishing, there’s also vishing (voice phishing via phone) and smishing (text message or SMS phishing).
How can I protect myself from phishing attempts?
Legitimate businesses do not solicit user account information via email. If you receive an unexpected email that appears suspicious, remember:
Do not click on links in phishing or spam emails.
Do not open any attachments.
Do not reply to a phishing or spam email.
Contact the company directly to validate the email.
Do not use any contact information listed in the suspicious email. Instead, open a web browser and go directly to the company’s website.
If you have any questions or concerns, please contact the UCF Information Security Office by email at INFOSEC@ucf.edu or by calling 407-823-2711.
Reporting phishing emails
Report the message to the UCF Security Incident Response Team by clicking on the “Phish Alert” button. See the Phish Alert Button page for more information.
Alternatively, if you do not have a “Phish Alert” button, you may forward the email as an attachment to the Security Incident Response Team at SIRT@ucf.edu. For step-by-step instructions, see the KnowledgeBase article.
Contact the UCF Police at 407-823-5555 if you feel your personal safety has been threatened.
What is spam?
Email spam is any email message that you did not ask to receive. A spam email message may be sent to many users simultaneously. While annoying, spam messages can also pose a threat if users click on the links, open any attachments, or provide information to the spammers.
How to spot spam
Before opening the message, check the subject line. Many spam messages are easy to spot: they’ll use language that gives a sense of urgency or appeals to your curiosity.
Check the sender’s email address. Official UCF email will always come from a ucf.edu address.
Check for spelling and grammar mistakes.
Official UCF email should include verifiable contact information. Use the online UCF phonebook at www.phonebook.ucf.edu to verify the information.
Does the message contain a threat? Some malicious emails will threaten to disable or terminate accounts unless users confirm their usernames and passwords. Official UCF communications will never ask for your account information via email.
Handling spam emails
Now that you’ve identified a spam email, what should you do?
Do not open any attachments.
Turn off the preview feature in your email client to prevent it from automatically opening an infected file or running a malicious script.
Do not click on any links.
Links in spam emails may take you to infected or fake websites that will try to capture your username and password. If you want to check out a site, open your web browser and search for the company.
Do not respond to spam – report it!
Do not reply to the email or click on any “remove me” or “unsubscribe” links. Instead, forward any spam messages to the following email address:
Recent studies have shown that over half of all email is spam. While UCF has multiple filters to block spam, no filter can be 100% effective. The easiest way to handle spam is to delete it.
If you see the same messages repeatedly in your UCF inbox, forward the message to Microsoft at email@example.com so the filters can learn to catch it in the future.
Avoid using your UCF email address to register on websites that aren’t related to your job. This will help keep your address from ending up on lists that spammers use.