Phishing Scams

Phishing scams are email messages that ask you to send or confirm sensitive information like your login ID and passphrase, bank or credit account numbers, or PINs. They often threaten to close your account. These scams sometimes ask the reader to visit a website to provide this information and the messages often appear to come from an organization you trust. They may even claim to be from UC Davis and ask for your username and password. These emails are not legitimate.

If you receive such a message you should  delete it. Alternatively you can check it against the Campus list of authentic email messages that may be misinterpreted as phishing scams.

An example of a typical phishing email:

phishing1

UC Davis (and most legitimate institutions) will never ask you to confirm or verify your computing account by providing your password via telephone or email.

Email requests that ask you to reply to an email or visit a non-campus affiliated website to confirm or verify your account by providing your password are phishing scams. DO NOT RESPOND TO THESE REQUESTS – even if they appear to come from an email address ending with “ucdavis.edu” or direct you to what appears to be a UCD website. In many cases a link will appear to be directing you to a legitimate address, but if you hold your cursor over the link you will see that the link address title is different from what appears in the actual link address (see illustration below), and may lead you to a malicious website. Do not follow links you cannot verify.

phishing2

There is no need to forward phishing emails to BML IT, however, if you accidentally respond to a phishing scam where you reveal any account information, please alert us so that we can advise you whom to contact.

To learn more about phishing scams and how to differentiate these from legitimate emails see the UC Davis Anti-phishing Campaign.