What Is Phishing?
Learning What It Takes to Resist the Phishing Bait
Phishing is an attempt by an attacker masquerading as a trustworthy entity to acquire your sensitive information through any means necessary. The best-known attempts arrive by email and try to obtain your usernames, passwords, credit card details, money, etc.
For example, a phisher might send an email posing as your IT Administrator, requesting that you click on a “secure” link and then enter and validate your username and password to update your computer. When you follow the instructions and enter that information, you have been phished.
Protect Yourself Against Phishing Attacks
Phishing is not a foolproof attack. There are ways to protect yourself against attempts. Here are some tips you can use to guard against phishing scams:
- Phishing Isn’t Only Via E-Mail! Phishing attacks can be launched through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seems too good to be true? Then it probably is.
- Know the Signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems life changing? Click that delete button.
- Verify the Sender. Check the sender’s e-mail address to make sure it’s legitimate. If it appears that your institution’s help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” it’s a phishing message. If you don’t recognize it, be suspicious.
- Don’t Be Duped by Aesthetics. Phishing e-mails often contain campus logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Do not hesitate to contact the sender directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
- Never, Ever Share Your Password. Did We Say Never? Yup, We Mean Never! Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. Your institution’s help desk or IT department will never ask you for your password.
- Avoid Opening Links and Attachments from Unknown Senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
- When You’re Not Sure, Call to Verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the president of your college or university. Cybercriminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in your institution’s directory to confirm the request.
- Don’t Talk to Strangers! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the help desk.
- Don’t Be Tempted by Abandoned Flash Drives. Cybercriminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. Never insert flash drives from unknown sources into your computer.
What to Do If You Have Been Phished
- Change your password immediately.
- If you have reset questions and answers, change them.
- Report the phishing email to your local IT Administrator and to the Information Security Office.
- If you are unsure whether you have been phished, but believe an email might be malicious, report it to the Information Security Office for investigation by sending an email to firstname.lastname@example.org.
UCLA Phishing Awareness
To see updated alerts on phishing attempts across campus, visit our phishing alert page.