
How To Identify Phishing Scams


Protect yourself from phishing scams with these tips.

Phishing (pronounced 'fishing') is an email scam designed to acquire sensitive information from people. The most successful phishing emails are designed to look like the email comes from a reputable source such as a known person or entity. UC San Diego faculty, staff, and students are often the target of attempts to gain login credentials or personal information through phishing scams that may claim to be coming from UC San Diego, UC San Diego IT Services, or a UC San Diego department. Sometimes the email says that your email account is over quota so you must click a link to reactivate or update your account, or that you must provide your user information to keep your account active. These are fraudulent attempts and should not be replied to or acted upon.

General tips

  • Never share your passwords with anyone.
  • UC San Diego, UC San Diego IT Services, your bank, FedEx, the IRS, your credit card company, and other reputable institutions will never ask for your password by email, phone, text message, or in person.
    • Financial or medical institutions may communicate with you via secure messaging. You may receive an email from a financial or medical institution informing you of this message, but it will never ask for your personal information or password.
  • Do not click on any embedded buttons in a phishing email, especially those that say "unsubscribe" or "remove me from this mailing list." These links often install malware on your system.
  • Call the individual or office that purportedly sent the email to confirm that it is a real request.
  • Report phishing attempts and false senders to IT Services Security at abuse@ucsd.edu.

Integrated Procure-to-Pay Solutions (IPPS) also provides guidance about supplier fraud and scams here on Blink.

If you have questions about phishing, consult your department IT staff or IT Services Security.


Identify a phishing email

Look at this example of a phish message that is mocked up to show its telltale signs.

Remember, UC San Diego will never ask for or ask you to confirm your:

  • Account information
  • Password
  • Address
  • Personal information such as age, social security number, or home address.

Though the signature of an email may include a legitimate UC San Diego department name or logo, this alone should not be used to determine whether an email is actually from UC San Diego.

Check a website link within an email

Phishers commonly put a link in their emails that looks valid but actually goes to a fake or imitation site. If you hover your mouse over the link (without clicking it) you can see the actual destination website address.

Do not click on a link if:

  • The address does not correspond to your expectations.
  • You see misspellings in the address.

If you are uncertain, use a search engine to look for the institution's page and see if the addresses match.

What to do with a suspicious email

If you suspect a message is not a valid campus message, call the individual or office that purportedly sent the email to confirm that it is a real request.

  • Do not follow links to a webpage.
  • Do not fill out any forms that ask for personal or financial information.
  • Delete the message.

Report a fraudulent email

IT Services continuously monitors for phishing emails and takes action when the message source can be reliably determined. If you believe you have received a phishing email, forward it to the IT Security team at abuse@ucsd.edu.

