For starters, don't respond to the initial contact
Wednesday, May 11, 2016

As part of its ongoing education and awareness efforts, the UI Information Security & Policy Office is reminding the campus to stay vigilant against “phishing” attacks—scams that use emails or phone calls to solicit personal or confidential information that the scammer then uses illicitly.

Phishing scams are becoming increasingly sophisticated. In targeted “spear phishing” attacks, criminals may forge the sender’s email address, use the names of familiar contacts in the message, and include logos or language that at first glance seems legitimate. These targeted scams have occurred at the UI and many other institutions.

It’s important for all members of the UI community to take precautions to protect their own sensitive data, as well as confidential records/information they may handle for their jobs. Never respond to email requests for personal information such as passwords, Social Security numbers, or account numbers.

All UI employees are strongly encouraged (and many are required) to take the online Security Awareness Course, accessible through the “My Training” link in Employee-Self Service. The training can be completed in one sitting or a little at a time, and includes modules on phishing and spear phishing.

Additional educational resources are available at learnaboutsecurity.uiowa.edu.

Here are some clues to recognize scams and tips for what to do if you are suspicious.

  • Do not respond to the initial contact—especially if you are not expecting the e-mail and do not know the sender. If you receive an e-mail you suspect to be malicious, drag it into your Outlook ‘Junk’ mail folder. This disables clickable images that are used to conceal malicious links and lets you see where a link would actually take you if you were to click it.
  • NEVER provide personal or financial data, especially when it is requested by a stranger.
  • Do not engage the criminals in further communication. They can use your e-mail address to target you with more elaborate phishing schemes in the future. 
  • Watch out for messages with an urgent tone—like a promise of big money if you act NOW.
  • Don’t second-guess your instinct. If an offer sounds too good to be true, it’s probably a con.
  • Beware of messages riddled with misspelled words and poor grammar.
  • Do a web search for the organization with which the email appears to be associated. Contact the organization directly using contact information on its website to verify the message.
  • Contact the ITS Help Desk at 319-384-4357 or its-helpdesk@uiowa.edu regarding any suspicious calls or emails you receive. By reporting possible scams, you alert UI officials so they can take action to address them for the benefit of other students and employees.
  • If you did respond with any personal information, immediately contact the ITS Help Desk, your local IT support person, or the IT Security Office at it-security@uiowa.edu.