Skip to main content

System Status: 

  1. Home
  2. Technology
  3. Security
  4. Cybersecurity Awareness
  5. NCSAM
  6. Recognizing and Reporting Phishing

Recognizing and Reporting Phishing

Last Updated: October 17, 2022 2:47:29 PM PDT
Give feedback

When criminals go phishing, you don’t have to take the bait. Stop. Look. Think. If a link looks a little off, think before you click.

social-media-graphics18.jpg

Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information, or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for.

See it so you don’t click it.

The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to clearly spot a fake phishing email:

  • Contains an offer that’s too good to be true 
  • Language that’s urgent, alarming, or threatening 
  • Poorly-crafted writing with misspellings, and bad grammar
  • Greetings that are ambiguous or very generic 
  • Requests to send personal information
  • Urgency to click on an unfamiliar hyperlinks or attachment
  • Strange or abrupt business requests
  • Sending e-mail address doesn’t match the company it’s coming from

Social Engineering and its Red Flags

Cyber criminals use social engineering tactics to create believable stories that trick people into doing risky things online. Watch a short video from Bank of America, “What is social engineering – and how can you prevent an attack?” from Bank of America’s Better Money Habits to better protect yourself from this type of threat.

Check out this module and PDF guide from KnowBe4 to learn how to spot the red flags & signs of danger associated with common social engineering methods. Javvad Malik, KnowBe4’s Security Awareness Advocate, will explain how & why hackers use different social engineering attacks and actions you should take to protect yourself and the university.

Oh no! I see a phishing email. What do I do?

Don’t worry, you’ve already done the hard part which is recognizing that an email is fake and part of a criminal’s phishing expedition. 

If you’re at the office and the email came to your work email address, report it as quickly as possible. IT Services continuously monitors for phishing emails and takes action when the message source can be reliably determined. If you receive a suspicious email, please forward it to abuse@ucsd.edu where it will be automatically analyzed and the results used to prevent additional deliveries.

If you’re at home and the email came to your personal email address. Do not click on any links (even the unsubscribe link) or reply back to the email and JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.

Refer to our phishing user guide for more information.

Proofpoint video (2:00)
Phish Finder: Spotting Warning Signs
Phishing & Ransomware infographics & videos

 

CAM-2022-phishing-infographic.png

Phishing Tipsheet (PDF)

 CAM-2022-ransomware-infographic.png

Phishing is the most common cause of data breaches. Keep an eye out for phishing attacks and #becybersmart

Did you know ransomware attacks cost an estimated $623.7 million in 2021? Learn more about ransomware and #becybersmart

For more information, contact IT Services Office of Information Assurance at cybersecurity@ucsd.edu.