What is phishing?

Phishing is an attack in which a scammer sends fraudulent emails or text messages, or directs users to a copycat website, in order to steal valuable personal information such as account numbers, Social Security numbers, or login IDs and passwords.

Phishing emails are often designed to look like official communication from banks, eBay, Amazon, or other organizations, including UCF.  These messages typically contain a call to action, such as a threat that an account will be disabled unless the recipient responds, or an urgent message regarding a payment issue.

In addition to email and website phishing, there’s also vishing (voice phishing via phone) and smishing (text message or SMS phishing).

How can I protect myself from phishing attempts?

Legitimate businesses do not solicit user account information via email.  If you receive an unexpected email that appears suspicious, remember:

Do not click on links in phishing or spam emails

Do not open any attachments

Do not reply to a phishing or spam email

Contact the company directly to validate the email

Do not use any contact information listed in the suspicious email.  Instead, open a web browser and go directly to the company’s website.

If you have any questions or concerns, please contact the UCF Information Security Office by email at or by calling 407-823-2711.

How can I report phishing emails?

If you feel the email is malicious or contains a threat:

Report the message to the UCF Security Incident Response Team by clicking on the “Phish Alert” button as shown in the example to the right.  Click the image to visit the Phish Alert Button page for more information.

Alternatively, if you do not have a “Phish Alert” button, you may forward the email as an attachment to the Security Incident Response Team at SIRT@ucf.eduFor step-by-step instructions, view the KnowledgeBase article here.

Contact the UCF Police at 407-823-5555 if you feel your personal safety has been threatened.




What is spam?

Email spam is any email message that you did not ask to receive.  A spam email message may be sent to many users simultaneously.  While annoying, spam messages can also pose a threat if users click on the links, open any attachments, or provide information to the spammers.

How to spot spam

Before opening the message, check the subject line.  Many spam messages are easy to spot:  they’ll use language that gives a sense of urgency or appeals to your curiosity.

Check the sender’s email address.  Official UCF email will always come from a address.

Check for spelling and grammar mistakes.

Official UCF email should include verifiable contact information.  Use the online UCF phonebook at to verify the information.

Does the message contain a threat?  Some malicious emails will threaten to disable or terminate accounts unless users confirm their usernames and passwords.  Official UCF communications will never ask for your account information via email.

Learn more about spotting spam here.

Handling spam emails

Now that you’ve identified a spam email, what should you do?

Do not open any attachments.

Turn off the preview feature in your email client to prevent it from automatically opening an infected file or running a malicious script.

Do not click on any links.

Links in spam emails may take you to infected or fake websites that will try to capture your username and password.  If you want to check out a site, open your web browser and search for the company.

Do not respond to spam – report it!

Do not reply to the email or click on any “remove me” or “unsubscribe” links.  Instead, forward any spam messages to the following email address:

Delete it!

Recent studies have shown that over half of all email is spam.  While UCF has multiple filters to block spam, no filter can be 100% effective.  The easiest way to handle spam is to delete it.

Preventing spam

If you see the same messages repeatedly in your UCF inbox, forward the message to Microsoft at so the filters can learn to catch it in the future.

Avoid using your UCF email address to register on websites that aren’t related to your job.  This will help keep your address from ending up on lists that spammers use.