Phishing is an attack in which a scammer sends fraudulent emails or text messages, or directs users to a copycat website, in order to steal valuable personal information such as account numbers, Social Security numbers, or login IDs and passwords.
Phishing emails are often designed to look like official communication from banks, eBay, Amazon, or other organizations, including UCF. These messages typically contain a call to action, such as a threat that an account will be disabled unless the recipient responds, or an urgent message regarding a payment issue.
In addition to email and website phishing, there’s also vishing (voice phishing via phone) and smishing (text message or SMS phishing).
QUICK links
How can I protect myself from phishing attempts?
Legitimate businesses do not solicit user account information via email. If you receive an unexpected email that appears suspicious, remember:
- Do not click on links in phishing or spam emails
- Do not open any attachments
- Do not reply to a phishing or spam email
- Contact the company directly to validate the email
Do not use any contact information listed in the suspicious email. Instead, open a web browser and go directly to the company’s website.
If you have any questions or concerns, please contact the UCF Information Security Office by email at infosec@ucf.edu or by calling 407-823-2711.
How can I report phishing emails?
If you feel the email is malicious or contains a threat:
- Report the message to the UCF Security Incident Response Team by clicking on the “Phish Alert” button as shown in the example to the right. To learn more about the Phish Alert Button, click here.
- Alternatively, if you do not have a “Phish Alert” button, you may forward the email as an attachment to the Security Incident Response Team at SIRT@ucf.edu. For step-by-step instructions, view the KnowledgeBase article here.
- Contact the UCF Police at 407-823-5555 if you feel your personal safety has been threatened.
Understanding spam
Click the tabs below to learn more about spam emails.
Email spam is any email message that you did not ask to receive. A spam email message may be sent to many users simultaneously. While annoying, spam messages can also pose a threat if users click on the links, open any attachments, or provide information to the spammers.
Now that you’ve identified a spam email, what should you do?
Do not open any attachments.
Turn off the preview feature in your email client to prevent it from automatically opening an infected file or running a malicious script.
Do not click on any links.
Links in spam emails may take you to infected or fake websites that will try to capture your username and password. If you want to check out a site, open your web browser and search for the company.
Do not respond to spam – report it!
Do not reply to the email or click on any “remove me” or “unsubscribe” links. Instead, forward any spam messages to the following email address:
junk@office365.microsoft.com
Delete it!
Recent studies have shown that over half of all email is spam. While UCF has multiple filters to block spam, no filter can be 100% effective. The easiest way to handle spam is to delete it.
If you see the same messages repeatedly in your UCF inbox, forward the message to Microsoft at junk@office365.microsoft.com so the filters can learn to catch it in the future.
Avoid using your UCF email address to register on websites that aren’t related to your job. This will help keep your address from ending up on lists that spammers use.