Phishing: Internet Email Scams
What Is Phishing?
Phishing is the illegal practice of sending emails that appear to be legitimate with the intent of getting you to disclose sensitive information, such as your UC Davis account credentials, other account credentials, bank account information, social security number, etc.
How Can I Tell If an Email Is Phishing?
Phishing messages may look very authentic, but don't be fooled! Here are some tips to help you recognize phishing scams:
- DSS IT and campus IT personnel will NEVER ask you to provide your password over email.
- NEVER send account information, banking information, social security numbers, passport numbers or other personal information over email.
- Legitimate service providers (including PayPal, eBay, Google, Yahoo!, banking institutions, etc.) almost never include attachments in email to customers. If you receive an email with an attachment, be highly skeptical: it's probably phishing.
- Check the To: and CC: lines in the message header: if a message that should only be sent to you is being sent to multiple email addresses, that's a very good indicator that it is phishing.
- Be careful about web links in email messages. It is possible for a link that appears to go one website to take you to a different, malicious website. One good practice is to copy links from email messages and paste them into the address bar on your web browser rather than clicking on the links directly.
- Another good practice with links in email messages is to hover your mouse pointer over the link (WITHOUT clicking). In most email clients, hovering over a link will result in a pop-up tooltip that lists the real destination of the link. If the real destination differs from the apparent destination, DO NOT CLICK.
- Pay attention to spelling, punctuation and grammar: you’ll often see a lot of errors in phishing messages. Lots of exclamation points (!!!!!) are a very good indicator that a message is not legitimate.
- Phishing messages often use threats along the lines of “your account will be closed unless you do X.”
- The DSS IT Service Desk is always happy to answer questions: if you think that a message might be phishing, please feel free to contact us.
Here are some examples of a phishing messages that have been marked up to show several indicators that the messages are phishing: