What is Phishing?Up to Table of Contents
WHAT IS A PHISHING SCAM?
Email messages requesting your username (also called login or loginID) and password are called phishing scams.
WHY SHOULD I NOT RESPOND TO A PHISHING SCAM?
First, when you provide your username and password to phishers,
your account is compromised. Phishers can use your email account to
send millions of spam messages from campus email servers. When Internet
Service Providers (ISPs) such as Yahoo, Comcast and Hotmail detect
large amounts of spam coming from campus email servers they reject mail
from all UC Davis addresses. In much the same way that UC Davis
prevents spam originating outside the campus from reaching your email
inbox, Internet Service Providers prevent spam originating on campus
from reaching their email account holders.
WHAT HAPPENS TO COMPROMISED ACCOUNTS?
When UC Davis identifies a compromised account, the account is
locked immediately, preventing all use of the account until the
legitimate owner proves his/her identity and changes the password.
HOW CAN I PREVENT MY ACCOUNT FROM BEING COMPROMISED?
DO NOT respond to phishing scams in any way. It's really that simple. Just don't answer. Delete the message immediately.
HOW DO I KNOW IF A MESSAGE IS A PHISHING SCAM?
Here's how to recognize a phishing scam:
1. The message instructs you to supply your account information, including your password. The instruction may be to reply by email, or to click on a link in the message and supply the information via the web. This is never a legitimate request.
2. The message may have a "From:" line that sounds (and sometimes is) legitimate, but the message itself is vague. It may refer to a "database crash" or "a problem" or even simply "maintenance." None of these generic issues require your account information. A legitimate message from IET will be very specific, and will never ask for your password.
3. The message may contain some kind of threat for not supplying the information, such as having your account deleted.
4. Phishing messages are often, but not always, poorly written, with spelling and grammatical errors. Legitimate messages aren't always perfect, but with careful reading, many scam messages become obvious.
There are ways to identify scam messages that require a little understanding of the mechanics of an email message, but if you are in any doubt, contact the IT Express Computing Services Help Desk at 530-754-HELP (530-754-4357), or firstname.lastname@example.org.