Phishing is the act of trying to obtain information from individuals usually in order to conduct inappropriate or fraudulent activities.
Protecting our personal information is everyone's responsibility. Please report any suspicious activity to firstname.lastname@example.org.
Never reply to an unsolicited email that asks for your personal information. The University of Memphis will never request personal information (e.g., your SSN, UUID and password, birth date or any account numbers) via email. Any reputable institutions (your bank, credit card company or loan officers) would not email you requesting this type of information either.
Any UofM employee should use an official memphis.edu email address for University-related correspondence. Take note of a sender's address if they ask for any personal information or use uncharacteristic language. However, be cautious of any unusual request regardless of the sender's email address, as an attacker could have illegally accessed an account or faked the sending address.
Never click on any links within an unsolicited email. The best practice is "if you are not expecting it, delete it". If it looks legitimate, use a second means of contacting the sender; for example, call them directly and ask if they sent it. Links within a phishing email often lead to malicious or bad internet sites. For example, a phishing email may contain the link "Click here to update your information" and then lead to a phony website requesting personal information. Always visit an institution's website directly, using their official URL, not the link in the email. Example of phishing email is located here.
Am I expecting an email?
- Is the sender's email address what I'm expecting?
- Would this person send me an attachment?
Always use common sense and good judgment. The University operates a broad array of security-related hardware and software designed to safeguard sensitive personal and institutional data. However, our networks and services are connected to the Internet, and we cannot block every fraudulent action that occurs on the world wide web. We need everyone to look carefully at what appears in your email—if it looks suspect, it probably is.
Remember—it is a violation of University policy IT6003 - Acceptable Use of Information Technology Resources to share your account information and/or password with anyone.