How To Identify Phishing Scams

Protect yourself from phishing scams with these tips.

Phishing (pronounced “fishing”) is an email scam designed to acquire sensitive information from people. The most successful phishing emails are designed to look like they come from a reputable source such as a known person or entity. UC San Diego faculty, staff, and students are often the target of attempts to gain login credentials or personal information through phishing scams that may claim to be coming from UC San Diego, UC San Diego IT Services, or a UC San Diego department. Sometimes the email says that your email account is over quota so you must click a link to reactivate or update your account, or that you must provide your user information to keep your account active. These are fraudulent attempts and should not be replied to or acted upon.

Think you can spot a phishing email when you see one? Sign up for the faux phishing campaign being run by IT Services Security. Note: log in to your campus G Suite account to access this Google Form.

General tips

  • Never share your passwords with anyone.
  • UC San Diego, UC San Diego IT Services, your bank, FedEx, the IRS, your credit card company, and other reputable institutions will never ask for your password by email, phone, text message, or in person.
    • Financial or medical institutions may communicate with you via secure messaging. You may receive an email from a financial or medical institution informing you of this message, but it will never ask for your personal information or password.
  • Do not click on any embedded buttons in a phishing email, especially those that say "unsubscribe" or "remove me from this mailing list." These links often install malware on your system.
  • Call the individual or office that purportedly sent the email to confirm that it is a real request.
  • Report phishing attempts and false senders to IT Services Security at abuse@ucsd.edu.

If you have questions about phishing, consult your department IT staff or IT Services Security.

Identify a phishing email

Look at this example of a phish message that is mocked up to show its telltale signs.

Remember, UC San Diego will never ask for or ask you to confirm your:

  • Account information
  • Password
  • Address
  • Personal information such as age, Social Security number, or home address

Though the signature of an email may include a legitimate UC San Diego department name or logo, this alone should not be used to determine whether an email is from UC San Diego. If you suspect a message is not a valid campus message, do not click links or open attachments. Call the individual or office that purportedly sent the email to confirm that it is a real request. You may also forward the message to the IT Security team at abuse@ucsd.edu.

Check a website link within an email

Phishers commonly put a link in their emails that looks valid but actually goes to a fake or imitation site. If you hover your mouse over the link (without clicking it) you can see the actual destination website address.

Do not click on a link if:

  • The address does not correspond to your expectations.
  • You see misspellings in the address.

If you are uncertain, use a search engine to look for the institution's page and see if the addresses match.

What to do with a suspicious email

  • Do not follow links to a webpage.
  • Do not fill out any forms that ask for personal or financial information.
  • Delete the message.

Report a fraudulent email

IT Services continuously monitors for phishing emails and takes action when the message source can be reliably determined. If you believe you have received a phishing email, forward it to abuse@ucsd.edu.