Question
I think I received a phishing attempt. What do I do?
Be Reasonably Suspicious
Be reasonably suspicious about unexpected emails. You can contact either the USS-Technology Service Desk (TSD), the Information Security Office (ISO), or your local IT department for assistance with verifying the authenticity of any suspect emails. If you are unsure if a suspicious email is phishing, you can also contact the sending institution directly using officially published contact information for verification. For example, if you receive a weird email from the Registrar Office, call the number on their official website.
What Not to Do
If you suspect you have received a phishing attempt email: do not open any links, do not open any attachments, do not reply to the email, and do not start a remote session.
Information Services will never email you asking for your user name or password. Never reply to unexpected emails with sensitive information such as your Social Security number, and avoid transmitting information like that via email at all.
Review the UO Phish Tank
UO Phish Tank is a collection of suspicious email messages that have been reported to the ISO.
You can view phishing messages without logging in to the website. If you log in, you can also see messages that were reported as suspicious but are actually legitimate.
Reporting and Follow-up
If you have not opened any links, attachments, replied, or started a remote session:
- Report the message using the Report Phish button or Send a copy of the suspicious email as an attachment to phishing@uoregon.edu
- Delete the email
If you have opened any links, attachments, replied, or started a remote session:
- Unplug your network cable or disconnect from the Wi-Fi
- Contact your IT department or the USS-Technology Service Desk
If you have provided your password either via email or login form:
- Immediately change your login password at Duck ID Self-Service
- Change your security questions
- Report your account as potentially compromised to infosec@uoregon.edu
Examples of Phishing Emails
These are examples of phishing emails that UO faculty, staff and students have received.
"ADMINISTRATIVE ASSISTANT REMOTE JOB"
"Unable to display this message click here to view this message"
"You have received a new message from the IT Department regarding your account. Please sign in immediately to read this message."
"This is to inform you that a new course has been added to your study list and also view your timetable for the new coming session. Please Login below."
"Your online access has been temporarily disabled. Please re-activate your account immediately by clicking on the "Re-activate My Account" button below:"
For IT Professionals
Keep your customers aware of ongoing phishing threats and be available to assist them if they have questions concerning potential phishing emails.
University IT staff are encouraged to report phishing websites to Safe Browsing, Microsoft, and PhishTank in addition to sending notifications to phishing@uoregon.edu. Report phishing attempts to phishing@uoregon.edu. This allows Information Services staff to take steps to mitigate the phishing threats for users on the campus network. Submitting phishing websites to the resources identified below assists with protecting users when they are not on the campus network.
Report to Google Safe Browsing
Reporting phishing websites to Google's Safe Browsing improves Chrome, Firefox, and Safari built-in ability to protect faculty, staff, and students from active phishing threats.
Report to Microsoft
Reporting phishing websites to Microsoft improves Internet Explorer's built-in ability to protect faculty, staff, and students from active phishing threats.
Report to PhishTank
PhishTank is a collaborative clearing house for data and information about phishing on the Internet.