Avoid Phishing Scams
What is a Phishing Scam?
Phishing emails are emails designed to trick you into replying to them with personal information such as your username and password, Social Security number or financial account numbers.
Large institutions like UGA are targets for phishing, and getting phishing emails is a daily reality. However, if you know the red flags, or signs, of a phishing email, you can avoid falling for these scams.
Signs of a Phishing Email
- Wants you to take action (Examples: revalidate immediately, reply at once, upgrade now, confirm your contact information.)
- Has a close deadline for acting (Examples: immediately, within 24 hours, today.)
- Features poor grammar and spelling (Examples: we advice you, we are contact you, until you are approve and validate.)
- Threatens to remove access to a service (Examples: email, online banking, a social networking site, PayPal)
- Tries to trigger an emotional response — such as panic — to goad you into responding with the information they request.
Phishing messages are often sent from suspicious-looking email addresses and frequently have a generic greeting (Examples: Dear Email recipient, Dear Student, Dear members, or UGA).
Report a Phishing Scam
If you suspect an email may be a phishing scam, contact the EITS Help Desk at 706-542-3106 and forward the suspicious email to abuse@uga.edu.
You can also report phishing emails directly from Outlook.
- Select the Home tab
- Select Report Message on the ribbon
- Choose Phishing from the drop-down menu
- A Report Message pop-up will appear
- Choose Report

- Select the message in your Inbox, and right-click
- Scroll down to Report Junk
- Select Phishing
- A Report Message pop-up will appear
- Choose Report

- Click to highlight the email in your message list
- Select the Junk tab in the ribbon
- Choose Phishing on the drop-down menu
- Choose the Report button on the pop-up

- Right-click to highlight the email in your message list
- Choose Security Options on the drop-down menu
- Select Phishing on the drop-down menu
- Choose the Report button on the pop-up
Similar actions can be taken when you click the 3 dots in the upper right of the message in the Outlook Reading Pane, or if you double-click a message to open it in a new window:
- Click the 3 dots on the message (upper right)
- Select either Security Options or Report Message
- Select either Mark as Phishing or Phishing
- A pop-up will appear
- Choose the Report button on the pop-up
Will UGA send legitimate emails that look like phishing scams?
There will be times when legitimate messages must be sent to inform UGAMail users of necessary changes to their accounts. These may include inactive account removal notices or information about account abuse.
UGA will never ask for your password in an email. Any MyID password change, refresh or update will always take place on the MyID Tools and Information webpage.
If you are in doubt about the legitimacy of an email, call the EITS Help Desk at (706) 542-3106 or forward the email to abuse@uga.edu.
Phishing Simulation
To ensure our faculty and staff stay knowledgeable about possible cybersecurity threats, the University System of Georgia has asked that we periodically send simulated phishing emails to UGAMail inboxes using our cybersecurity education platform, KnowBe4.
Clicking the links in the simulated phishing email will open a webpage on the KnowBe4 website, informing the user that they have clicked on a simulated phishing test and offering them tips to avoid phishing scams in the future.
Clicking on a simulated phishing test is not punitive, and test results for individual users will not be shared.
How can I avoid phishing scams?
- Never send passwords, bank account numbers, or other private information in an email.
- Avoid clicking links in emails, especially any that are requesting private information.
- Be wary of any unexpected email attachments or links, even from people you know.
- Never enter private or personal information into a popup window.
- Look for 'https://' and a lock icon in the address bar before entering any private information on a website. These indicate an encrypted connection, not that the site itself is legitimate.
- Install and regularly update an anti-virus program that can scan email.
What should I do if I have been scammed by a phishing email?
- Contact the organization that was the target of the scam to change any private information such as passwords or account numbers immediately. For UGA accounts, email the EITS Help Desk or call 706-542-3106.
- If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately. You should also request a credit report from one of the three credit bureaus: Equifax, Experian or TransUnion.
- Visit the FTC website or the Office of Information Security's Identity Theft and Identity Fraud webpage for more information.