Phishing

  1. What is "phishing?" "Phishing" (pronounced "fishing") refers to a form of fraud that attempts to acquire sensitive information (usually your username, also called login or loginID, and passphrase/passphrase). There are many variations, but the most obvious characteristic of a phishing message is that it instructs you to provide sensitive information either by replying to the message, or by clicking on a link and entering the information on a web page. There is no legitimate reason for anyone to request a password/passphrase or other sensitive data via email, and you should never respond to any such message.
  2. What should I do if I think I might have responded to a phishing message? Call the IT Express Computing Services Help Desk at 530-754-HELP (4357) immediately if you think you have provided your passphrase or other personal information in response to a phishing scam.
  3. What if a message, which seems to come from someone at UC Davis, asks me to confirm my login ID and passphrase? UC Davis will never ask you to do this via email or telephone. Call IT Express at 530-754-HELP (4357) if you are unsure about the validity of an email from a campus address.
  4. How do I know if a message is a phishing scam? Phishing messages often:
  5. Print and post this Don't Let Phishers Play You flier to remind you what to look for.
  6. What can happen if I reply to a phishing scam? If you send them the information they request, they could use your email account to send millions of spam messages, open accounts under your name, or commit other fraud.
  7. How can I prevent my campus computing account from being compromised?
  8. Why doesn't the campus just block phishing scams like we block spam? We employ multiple layers of the latest and best anti-spam, anti-virus, and anti-phishing technology available. Unfortunately, these systems cannot block all malicious email.
  9. I've never replied to a phishing scam, but have been getting spam emails from my own email address. How does this happen? These emails result from a very easy spammer technique called "spoofing." All spam has a spoofed (or forged) "From" address. Unfortunately, there is no way to prevent the use of someone else's "From" address in email. If you receive more than five spam messages from yourself per day, contact the IT Express Computing Services Help Desk at 530-754-HELP (4357).
  10. What happens to compromised accounts? When UC Davis identifies a compromised account, the account is locked immediately. If your account is locked, you must go to one of six passphrase reset locations in campus computer rooms, prove your identity, and change the passphrase. Click here for more information.