Skip to Page Content
section image picture

Office of Information Security


What is Phishing?

Phishing is typically an email scam designed to trick you into thinking a legitimate organization is requesting private information. These scams ask you to send a reply, download an attachment or follow a link. The page may look exactly like an official website, but it is designed to steal your credentials or drop malicious software on your computer. Banks, E-bay, and Paypal are common targets for phishing attacks.

Spear Phishing is a phishing scam that targets a specific organization, such as UGA, in an attempt to trick people into revealing private information. Often, criminals sending out the scams have researched the targeted organization for names the organization uses, practices, and other details to lend their scams an air of authenticity.

Some spear phishing emails may look identical to an announcement you may expect from that organization. The best way to combat these is to always be skeptical when someone is requesting information, and to never, ever, email your password, bank account numbers, social security, or credit card numbers to anyone.

What does a Phishing email look like?

Phishing emails typically have a generic greeting and warn of some sudden change in an account which requires you to verify that you still use the service. These emails either include directions to reply with private information, or provide a link to a web site to verify your account. Emails claiming very sudden changes (within a week) or those that use poor spelling and grammar are clear warning signs of a fraudulent phishing email.

See our Phish Tank for some examples.

Will UGA send legitimate emails that look like phishing scams?

There will be times when legitimate messages must be sent to inform our email users of necessary changes to their accounts. These may include password expiration notices, information about inactive account removal, or in some cases, account abuse.

It is very important to remember that UGA will never ask for your password in an email. Any MyID password refresh or update will always take place on as well. If you are ever in doubt about the legitimacy of a potential phishing email, call the EITS Help Desk at (706) 542-3106.

Why can't UGA stop these emails?

UGA stops millions of phishing attempts, spam emails, and virus infected messages every day, but the methods scammers use change quickly to try to stay ahead of blocking techniques. Due to the large range of use for UGAMail, we must also be careful not to implement a filter which may block otherwise legitimate email from our users.

How can I avoid phishing scams?

  • Never send passwords, bank account numbers, or other private information in an email.
  • Avoid clicking links in emails, especially any that are requesting private information.
  • Be wary of any unexpected email attachments or links, even from people you know.
  • Never enter private or personal information into a popup window.
  • Look for 'https://' and a lock icon in the address bar before entering any private information on a website.
  • Install and regularly update an anti-virus program that can scan email.

Who do I contact if I think an email might be Phishing?

If you think you have recieved a phishing email but you are not sure, you can mail the EITS Help Desk. Alternatively, you can forward the message to the Office of Information Security's Abuse Team.

What should I do if I have been scammed by phishing?

Contact the organization that was the target of the scam to change any private information such as passwords or account numbers immediately. For UGA, contact the EITS Help Desk. If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately and request a credit report. Visit the FTC web site or the Office of Information Security's Identity Theft and Identity Fraud webpage for more information.

Where can I get more information?