Phishing is a fraudulent attempt, usually made through email, to steal your personal information. Phishing emails may appear to come from UVA (and may even have a return UVA email address). They may ask for personal information such as your UVA Computing ID and password, birthdate, Social Security number (SSN), credit card numbers and/or bank account information
Phishing emails may also ask you to click on a link that takes you to a site where your personal information is requested. For example, in our latest phishing email simulation, the email had a link that took you to a website to login with your UVA credentials. To protect yourself and the UVA community, always remember:
- Hover over links and verify the URL before clicking on them.
- Double check the URL in your browser before entering information.
- When in doubt, stop and ask. Try contacting the reputed sender using the email or phone number you have for them. If they are associated with UVA, use the UVA Internal People Search to get their phone number and email. If it's a business, look up the phone number. Then use the information you have to contact them to confirm they sent the email and it's legitimate. Do not reply to the email, that email address is likely not going to who you think the sender is anyway - it's going to the scammer.
- Forward suspicious messages with full headers (this helps with investigations) to firstname.lastname@example.org.
The best way to protect yourself from phishing is to learn how to recognize it.
Watch this 2-minute video about Phishing: