Phishing (pronounced “fishing’) is an email scam designed to acquire sensitive information from people. The most successful phishing emails are designed to look like the email comes from a reputable source. UC San Diego faculty, staff, and students are often the target of attempts to gain login credentials or personal information through phishing scams that may claim to be coming from UC San Diego, UC San Diego IT Services, or a UC San Diego department. Sometimes the email says that your email account is over quota, that you must click a link to reactivate or update your account, or that you must provide your user information to keep your account active. These are fraudulent attempts to gain access to your credentials or personal information and should not be replied to.
- Never share your passwords with anyone
- UC San Diego, UC San Diego IT Services, your bank, FedEx, the IRS, your credit card company, and other reputable institutions will never ask for your password by email, phone, text message, or in person.
- Financial institutions may communicate with you via secure messaging. You may receive an email from a financial institution informing you of this message, but it will never ask for your personal information or password.
- Do not click on any embedded buttons in a phishing email, especially those that say "unsubscribe" or "remove me from this mailing list." These links often install malware on your system.
- Call the individual or office that purportedly sent the email to confirm that it is a real request.
- Work with your IT department representative to ensure secure information delivery.
- Report phishing attempts and false senders to email@example.com.
If you have questions about phishing, consult your department systems administrator (DSA) or IT Services Security at firstname.lastname@example.org.