Recognize and report phishing

Phishing is a form of email fraud in which cyber criminals and other adversaries attempt to entice you to click on links or, download attachments so that they can steal valuable data, including your UW NetID login credentials. Phishing emails, texts, and calls are the most common way UW and personal data are compromised.

• Be cautious of unsolicited emails, texts, or phone calls asking for personal information.
• Be skeptical of emails that have a tone of urgency.
• Avoid sharing sensitive information or credentials over the phone, text, or in email.
• Don’t click on links, open attachments, or scan QR codes sent from unknown sources.
• Verify the authenticity of requests for information by contacting the individual or organization through a trusted channel.
• Beware of spear phishing attacks, in which adversaries target particular individuals or groups, such as researchers in the University community, in order to access or steal certain types of data or information.

Things to Do

1. Think before you click on links, download attachments, or scan QR codes–even if it appears to be from someone you know. If you weren’t expecting the email or you are not sure of its origin, call–don’t email–the sender.
2. Regularly check on the “Phishing Examples” page on this website to see phishing campaigns that are currently active–but know that those examples are NOT the only phishing emails coming in that day.
3. If you do click on a link, and you realize it’s a phish, contact help@uw.edu for guidance.
4. Use Sophos antivirus software and keep it updated. Members of the UW community may download the home version of Sophos for personal computers and home use.
5. Be wary of requests for transfers of money, job offers, or gift cards.
6. Messages that solicit money, ask for your financial or bank account information, or offer to send you money should be regarded as highly suspicious.Be aware that scammers may send you phony checks that initially clear and make funds immediately available, and then bounce–leaving you on the hook for the money.
7. Using a password manager can help by only prompting on verified login pages. Phishing sites won’t prompt your password manager.
8. Always keep your data backed up in case you are hit by a ransomware attack.
9. Review the scams page on the this website, share the information with others.
10. Report suspected email scams that target the UW to security@uw.edu. Report phishing messages to help@uw.edu.

Resources

Office of Information Security

• Phishing at UW online training
• Phishing infographic
• Scams web page
• Information about quishing
• Spear Phishing Risk Advisory

Federal Trade Commission: How to Recognize and Avoid Phishing Scams