- What is "phishing?" "Phishing"
(pronounced "fishing") refers to a form of fraud that attempts
to acquire sensitive information (usually your username, also called login
or loginID, and password/passphrase). There are many variations, but the
most obvious characteristic of a phishing message is that it instructs you
to provide sensitive information either by replying to the message, or by
clicking on a link and entering the information on a web page. There is no
legitimate reason for anyone to request a password/passphrase or other
sensitive data via email, and you should never respond to any such
- What should I do if I think I might have responded to a
phishing message? Call the
IT Express Computing Services Help Desk at 530-754-HELP (4357) immediately
if you think you have provided your passphrase or other personal
information in response to a phishing scam.
- What if a message, which seems to come from someone at
UC Davis, asks me to confirm my login ID and passphrase? UC Davis will never ask you
to do this via email or telephone. Call IT Express at 530-754-HELP (4357)
if you are unsure about the validity of an email from a campus address.
- How do I know if a message is a phishing scam? Phishing messages often:
  - Instruct you to supply your
  account information, including your password/passphrase, by email or by
  clicking on a link in the message and then entering the information via
  the web. This is never a legitimate request.
  - Have a "From:" line
  that sounds (and sometimes is) legitimate, but the message itself is
  - Contain a threat if you do not
  supply the information, such as having your account deleted.
  - Have spelling and grammatical
  errors. Legitimate messages aren't always perfect, but with careful
  reading many scam messages become obvious.
  - Use a generic salutation rather
  than using your personal name.

  and post this Don't Let Phishers Play
  You flier to remind
  you what to look for.
- What can happen if I reply to a phishing scam? If you send them the
information they request, they could use your email account to send
millions of spam messages, open accounts under your name, or commit other
- Why doesn't the campus just block phishing scams like
we block spam? We employ
multiple layers of the latest and best anti-spam, anti-virus, and
anti-phishing technology available. Unfortunately, these systems cannot
block all malicious email.
- I've never replied to a phishing scam, but have been
getting spam emails from my own email address. How does this happen? These emails result from a
very easy spammer technique called "spoofing." All spam has a
spoofed (or forged) "From" address. Unfortunately, there is no
way to prevent the use of someone else's "From" address in
email. If you receive more than five spam messages from yourself per day,
contact the IT Express Computing Services Help Desk at 530-754-HELP
- What happens to compromised accounts? When UC Davis identifies a
compromised account, the account is locked immediately. If your account is
locked, you must go to one of six passphrase reset locations in campus
computer rooms, prove your identity, and change the passphrase.
- How can I prevent my campus computing account from
  - DO NOT respond to phishing scams
  in any way. It's that simple. Just don't answer. Don't click on links in
  the message. Delete the message immediately.
  - Be suspicious of messages
  requesting personal or account information.
  - Be suspicious of messages threatening
  to close or suspend your account if you don't respond with the
  information they want.
  - Check the authenticity of email
  messages by calling a company phone number known to be genuine.
  - See Cyber-Safety Basics for information about
  protecting yourself and your computer from other cyber-attacks.
  - See 10 Things Everybody
  Should Know about How the Email World Works for more tips about email.
  - Read even more about phishing at www.us-cert.gov/cas/tips/ST04-014.html.