Thursday, March 26, 2026

Spring on campus brings a familiar rhythm. Students preparing for finals, researchers racing toward grant deadlines, clinicians reviewing patient charts, and faculty juggling email notifications.

And in the middle of all that activity, a message appears:

  • You have a secure message waiting.
  • A document has been shared with you.
  • Click here to view your attachment.

At first glance, it looks routine. Messages like these are part of everyday work across the university. But increasingly, attackers rely on this exact moment: the split second between seeing a message and deciding to click.

Welcome to what we call the season of the phish.

Over the next few weeks, the Information Security and Policy Office will share a short three-part series on common phishing tactics currently targeting universities and health systems. Each message will focus on a different type of cyberattack and how our campus community can help protect themselves and the institution.

Lesson 1: You have a message waiting

One of the most common phishing techniques today is the fake notification message.

These emails are designed to look like legitimate alerts from common systems, file sharing platforms, voicemail services, document signatures, or collaboration tools. They often include phrases like:

  • Secure document shared with you.
  • Voicemail transcription available.
  • Attachment waiting for download.
  • Action required to view message.

When the recipient clicks the link, they are often taken to a convincing login page designed to steal credentials. Once attackers gain access, they may immediately send additional phishing messages from the compromised account.

Universities are particularly attractive targets because our environments are collaborative and fast-paced. A message appearing to come from a colleague, a collaborator, or a trusted system may not raise immediate suspicion.

How to protect yourself

Before clicking on unexpected links or attachments, take a moment to pause and verify.

Ask yourself:

  • Was I expecting this message or document?
  • Does the sender’s address match who it claims to be?
  • Does the link direct me to a familiar university website?

If something feels unusual, do not click. Instead, report the message so security staff can investigate and help protect others across campus.

When in doubt, report it

If you receive a suspicious message, please report it to the UI Phishing team, or contact the Help Desk to help verify. Even if the message turns out to be harmless, reporting helps us identify emerging campaigns and reduce the chance that others will fall victim.

Cybersecurity is a shared responsibility. And sometimes, the most powerful defense is simply pausing before the click.

This article discusses one of the most common attacks: the message claiming “you have a document or attachment waiting.” But sometimes phishing messages don’t come from unfamiliar senders. What happens when the attack comes through a trusted vendor or partner?

Related service(s)
IT Security Information