How to recognize and avoid a phishing scam

UI Health Care is asking its employees to be aware of an increase in phishing scam attempts. Phishing is an identity-theft scam that can use emails and websites to deceive people into giving out personal information, such as credit card numbers, usernames and passwords, or even Social Security numbers.

Please follow these five best practices to avoid falling for phishing scams:

  • Never follow the links in an email you suspect might be phishing. If you are unsure about a link you receive in an email, hover your cursor over it. If the link text doesn’t match the link address, do NOT click it. Log directly onto the organization’s website, or call the organization. Ask if the organization is legitimately asking for the information in the email. Note that hovering on links often does not work on mobile devices, so it is best to use a computer when determining the legitimacy of an email.

 

  • Always be suspicious of emails asking for sensitive information. Email is not a secure form of communication. Organizations you do work with already know your account information and will never request it in an email. Phishers usually include false statements to create a sense of urgency for information, such as, “Your account will be terminated unless you respond immediately.”

 

  • Never respond to an email request for personal information. Err on the side of caution. Look at the “from” field of the email. If the organization name does not match the “reply to” organization name, the message is probably fake. (For example, a message from a local credit union or bank would not have a reply email address ending in yahoo.com.) If you ever need to provide personal information like a credit card number, be sure to use a secure, trusted website.

 

  • Beware of phone phishing scams. If someone requests personal information on a phone call, be sure you initiated the call—not the other way around.

 

  • Make sure your operating system, antivirus software, and browser are up to date. Malware exploits vulnerabilities in the security of operating systems (such as Windows and iOS) as well as web browsers (such as Internet Explorer and Firefox). Be sure you have the latest security updates installed on your computer.
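For mail administrators and help desk staff, the two mismatch checks above (link text versus link address, and "from" versus "reply to") can be automated. This is an added example, not part of the original notice or any UI Health Care tooling; the sample message, its domains, and the helper names host, LinkCollector and check_message are constructed for illustration, and comparing domains is an assumed stand-in for comparing organization names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: Example Credit Union <alerts@creditunion.example>
Reply-To: accounts.creditunion@yahoo.com
Subject: Your account will be terminated unless you respond immediately

<p>Verify at <a href="http://login.verify.example.net/cu">https://www.creditunion.example/login</a>
or see <a href="https://www.creditunion.example/help">our help page</a>.</p>
"""

def host(text):
    # Hostname when the text looks like a URL (scheme or www. prefix), else "".
    text = text.strip()
    text = "http://" + text if text.lower().startswith("www.") else text
    return (urlparse(text).hostname or "") if "://" in text else ""

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    # Returns findings for the two mismatches: Reply-To vs From, link text vs target.
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    findings = []
    if reply and reply != sender:
        findings.append(f"reply-to domain {reply} differs from sender domain {sender}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        if host(text) and host(href) and host(text) != host(href):
            findings.append(f"link shows {host(text)} but points to {host(href)}")
    return findings
```

The comparison is on exact hostnames, so a legitimate sender that replies from a different subdomain is also flagged; treat the findings as prompts for review, not as a verdict.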

 

Think you received a phishing scam?

Trust your gut. If it seems off, it probably is.

Suspect emails or reports of phishing messages should be forwarded to ui-phishing@uiowa.edu. Learn how to send the email. 

If you have clicked on a link and think you might have become a victim of a phishing scam, contact the HCIS Help Desk at helpdesk-hcis@uiowa.edu or 319-356-0001.