Friday, July 11, 2025

I love waterlemons.

You that read wrong.

You read that wrong, too.

This is how bad actors trick you into giving away information. 

 

Every day, attackers send phishing emails and text messages that rely on your eyes and brain to fill in gaps, trusting what you think you see. They rush you to click, respond, or log in before you’ve had a chance to pause and question.

Phishing campaigns frequently target the University of Iowa community, using everything from fake Duo alerts to “urgent” payroll updates and “document sharing” notices. These messages often look official but are designed to steal your HawkID credentials, banking details, or personal data.

You can help protect yourself and the university by slowing down and checking:

  • Link destinations: Hold (hover) your cursor over any link to preview where it goes. If it looks strange, don’t click it.
  • Sender addresses: Does the address shown on an email match who you think it’s from? Attackers will often fake names to look like your boss or IT support.

If a message seems suspicious in any way, don't download images or attachments. Don't send a reply, even to “unsubscribe.”

When in doubt, don’t act—at least not in the way the message demands. Instead, contact your local IT support staff or the ITS Help Desk.

See current examples of phishing emails targeting campus. New phishing attacks appear daily, so if you get a suspicious message that isn’t listed, don't assume it's safe.

If you receive a suspicious email or text/SMS, report it to the UI Phishing Team so we can block the sender and protect others.

Bad actors are counting on you to skim, rush, and trust. The best way to protect yourself and your colleagues is to pause before you click. Just like you paused to reread “waterlemons” above, pause before following the bidding of online crooks.

Your moment of pause could protect your data, your paycheck, and our campus.

 

 

Related service(s)
IT Security Information,
Phishing and Anti-Spam Efforts