Don't Fall for These Phishy Tricks

Need to know newsletter from the UC Office of Information Security

Phishing emails are one of the most common cybersecurity threats. With about 319 billion emails sent and received each day, users need to be on high alert for phishing attacks.

According to Proofpoint’s 2021 State of the Phish report, 75% of organizations around the world experienced a phishing attack in 2020. 74% of attacks targeting US businesses succeeded.

But knowing that phishing emails are out there and dangerous is not enough. It’s important to be able to recognize one. Here are some tips from the University of Cincinnati's Office of Information Security:

An urgent phishing email is designed to get you to act fast. It might tell you that your account was hacked or is going to be deactivated — click here to restore it!

Unfortunately, urgent phishing messages are common because they work. Fear makes people do things without thinking, so slow down!

Another type of phishing email asks you to verify your account by logging into a (fake) webpage or clicking a button to update your credentials.

These types of emails can collect your username and password, giving a hacker instant access to your account.

Hackers will try to impersonate someone at your company, real or fake. They might impersonate someone in the HR department, IT department or even a coworker.

In an internal message phishing email, it might ask you to click on a link to read and sign a policy document, read a document about a company- wide update or even try to request sensitive information.

Free things are enticing, but they can also be dangerous. If you get an email saying you won a free TV or “click here to enter a prize drawing,” be on high alert!

Hackers are trying to bait you into clicking a malicious link.

Phishers Attack at Many Levels

Everyone is at risk of phishing, no matter where they are in the food chain. Phishers specifically target CEOs and high-level executives with special phishing attacks intended to entice or fool them. These are known as whaling attacks.

Help! I might be getting phished. What should I do?

If you think you have received a phishing email, it’s important to slow down and examine it.

  • First, look at the sender and domain of the email address. 
  • Hover over any links and see where they might direct you to. 
  • Other phishy identifiers might be misspelled words, incorrect dates or odd requests.

If you see anything, email it to infosec@ucmail.uc.edu. The UC Office of Information Security can help you figure out if it’s a phishy email. Whatever you do, do not click on any links, reply to the email or send it to anyone else!


For any questions, contact UC Office of Information Security at infosec@ucmail.uc.edu.

Related Stories

1

HR partnership leverages best practices for better...

January 21, 2025

On Jan. 1, 2025, a new standardized exit survey launched to the university. The data reported by employees voluntarily leaving the university highlights UC’s employment strengths and helps identify areas for growth.

2

DTS invites UC community to share ideas for AI uses

January 6, 2025

UC Digital Technology Solutions invites members of the UC community to share their ideas about how using AI might help solve a problem or achieve a goal. Students, faculty, and staff are invited to submit an AI Use Case Submission Form by Friday, Jan. 27.

3

Limited IT support offered during winter season days

December 17, 2024

The IT Service Desk will be closed during winter season days. Visit the IT Knowledge Base (KB) for general support and self-help resources. Or, access 24/7 Canvas Support for Canvas and tools within Canvas​​​​​​​.

Debug Query for this