
How To Identify Phishing Scams


Protect yourself from phishing scams with these tips.

Phishing (pronounced “fishing”) is an email scam designed to acquire sensitive information from people. The most successful phishing emails are designed to look as though they come from a reputable source. UC San Diego faculty, staff, and students are often the target of attempts to gain login credentials or personal information through phishing scams that may claim to be coming from UC San Diego, UC San Diego IT Services, or a UC San Diego department. Sometimes the email says that your email account is over quota, that you must click a link to reactivate or update your account, or that you must provide your user information to keep your account active. These are fraudulent attempts to gain access to your credentials or personal information and should not be replied to.

Protect yourself

  • Never share your passwords with anyone.
  • UC San Diego, UC San Diego IT Services, your bank, FedEx, the IRS, your credit card company, and other reputable institutions will never ask for your password by email, phone, text message, or in person.
    • Financial institutions may communicate with you via secure messaging. You may receive an email from a financial institution informing you of this message, but it will never ask for your personal information or password.
  • Do not click on any embedded buttons in a phishing email, especially those that say "unsubscribe" or "remove me from this mailing list." These links often install malware on your system.
  • Call the individual or office that purportedly sent the email to confirm that it is a real request.
  • Work with your IT department representative to ensure secure information delivery. 
  • Report phishing attempts and false senders to abuse@ucsd.edu.

If you have questions about phishing, consult your department IT staff or IT Services Security at security@ucsd.edu.


How to tell if an email is fraudulent

UC San Diego will never ask for or ask you to confirm your:

  • Account information
  • Password
  • Address
  • Personal information such as age, social security number, or home address.

The signature of an email may include a legitimate UC San Diego department name, but this alone should not be used to determine whether an email is from UC San Diego. If you suspect a message is not valid, check the official campus notice archive to see whether it is one of the recent official messages sent by UC San Diego. If it is, then it is a valid email. If it is not, or if you suspect it is not a valid campus message, do not click links or open attachments, and forward it to the IT Security team at abuse@ucsd.edu.

How to tell if a website link within an email is fraudulent

Phishers commonly put a link in their emails that looks valid but actually goes to a fake or imitation site. If you hover your mouse over the link in the email (without actually clicking on it), you can see the actual destination website address.

Do not click on a link if:

  • The address does not correspond to your expectations
  • You see misspellings in the address

If you are uncertain, do not click the link. Use a search engine to look for the institution's page and see if the addresses match.
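
The hover check described above can also be automated when reviewing a reported message. The following Python is an added example, not UC San Diego's tooling: it flags links whose visible text names one host while the href points to another. The sample message, the example.net addresses and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; example.net is a reserved documentation domain.
SAMPLE_HTML = """<p>Your account is over quota. Reactivate it at
<a href="https://ucsd.edu.example.net/reactivate">https://www.ucsd.edu/account</a>.</p>
<p>Questions? See <a href="https://www.ucsd.edu/help">ucsd.edu/help</a>
or <a href="https://login.example.net/">click here</a>.</p>"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(address):
    """Hostname named by a URL or bare address like 'ucsd.edu/help', else None."""
    if len(address.split()) != 1 or "." not in address:
        return None  # ordinary words such as "click here" name no address
    try:
        host = (urlsplit(address if "://" in address else "//" + address).hostname or "").lower()
    except ValueError:
        return None
    return host[4:] if host.startswith("www.") else host or None

def find_mismatched_links(html_body):
    """Links whose text names a host the href neither matches nor is a subdomain of."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        web = href.lower().startswith(("http://", "https://"))
        shown, actual = host_of(text), host_of(href) if web else None
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings
```

Links whose text is ordinary words ("click here") name no address and are not flagged, so the hover check still applies to them.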

What to do with a suspicious email

  • Do not follow links to a webpage.
  • Do not fill out any forms that ask for personal or financial information.
  • Delete the message.


Report a fraudulent email

IT Services continuously monitors for phishing emails and takes action when the message source can be reliably determined. If you believe you have received a phishing email, report it to abuse@ucsd.edu.
