What is Phishing?

Phishing is a form of social engineering that uses email or websites to pose as a trustworthy organization in order to access your data. Scammers or hackers will try and pose as an organization you trust in order to trick you into giving them sensitive data like a username, password, social security number or credit card information. The best defense in protecting sensitive information from phishing emails is Duo two-factor authentication. If you have not yet activated your Duo account, do so today!


How can I tell if an email is a phishing attempt?

When you get an email that just doesn’t feel right, follow the tips below to avoid becoming a victim of a phishing attack.

First, notice the email address.

If you are receiving an email from The University of Alabama, the from email address should be from @ua.edu, not @yahoo or @gmail. Similarly, if you receive an email from a private company, the email address should reflect the company. For example, if you receive a tracking notification email from UPS, the email should be from @ups.com.

Hover before you click.

Phishing emails typically include a link or attachment. The scammers want you to click on the link to provide your sensitive data, or click on the attachment to download a malicious file. Beware! Do not immediately click on the link or attachment. First, hover over a link or attachment to see where it is taking you before you go. OIT has implemented Microsoft Safe Links to better block malicious links and attachments.

Watch for poor spelling and grammar.

This used to be a go-to tip; however, scammers utilize specialized translation tools to better fool users. Remember that official UA emails are always spell-checked, and should be error-free. Additionally, emails from UA will always be sent from an @ua.edu email address.

Beware of urgent or threatening language.

Do not trust emails that say “your account has been suspended” or “verify your information.” Scammers use language like this to get your attention.

If it’s too good to be true…

Students should be aware of false job offers and internships. Official employment communication will be sent through the UA Career Center and Handshake.

Call the message sender.

If you receive a message from a friend or coworker that seems to be out of character, pick up the phone and call that individual. Do not ask, “Is this really you?” over email. The phisher will be happy to reply, “Yes, of course.” When in doubt, call that person to verify that they sent the message.

Phishing can happen anywhere, to anybody.

We’re here to help, give us a call 205-348-5555. We’re happy to answer any and all questions about phishing attempts.