Search Information Security site

 

Main menu

What is Phishing?

Phishing is a fraudulent attempt, usually made through email, to steal your personal information. Phishing emails may appear to come from UVA (and may even have a return UVA email address). They may ask for personal information such as your UVA Computing ID and password, birthdate, Social Security number (SSN), credit card numbers and/or bank account information

Phishing emails may also ask you to click on a link that takes you to a site where your personal information is requested. For example, in our latest phishing email simulation, the email had a link that took you to a website to login with your UVA credentials.  To protect yourself and the UVA community, always remember:

  • Hover over links and verify the URL before clicking on them.
  • Double check the URL in your browser before entering information.
  • When in doubt, stop and ask. Try contacting the reputed sender using the email or phone number you have for them. If they are associated with UVA, use the UVA Internal People Search to get their phone number and email. If it's a business, look up the phone number.  Then use the information you have to contact them to confirm they sent the email and it's legitimate. Do not reply to the email, that email address is likely not going to who you think the sender is anyway - it's going to the scammer. 
  • Forward suspicious messages with full headers (this helps with investigations) to [email protected].

The best way to protect yourself from phishing is to learn how to recognize it.

Watch this 2-minute video about Phishing:

 

 

What to Do With a Phishing Email

Examples of Phishing Emails

Current Phishing Alerts

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form