Report Message Button added to Office 365 - March 7, 2023

Although most malicious email messages are blocked before being delivered to our mailboxes, some messages do make it through. In these situations, it is helpful when recipients report spam and phishing so IT staff can take appropriate measures to protect campus. The new Report Message button will be available in Outlook for Windows, Mac, iOS, Android, and Outlook for the web. People using other email apps can continue to forward suspicious messages as attachments to ui-phishing@uiowa.edu.

For more information about phishing and how to report messages, please visit https://its.uiowa.edu/phishing.

What is phishing?

Phishing is an identity-theft scam that uses "spoofed" or fake emails and websites to trick people into giving out personal information, such as credit card numbers, user names and passwords, or social security numbers. Phishing emails can be from a spoofed brand, faked email address, or fake From name.  The email may contain a link to a web page designed to look just like a legitimate company's site. A phishing scam will use this page to capture any information that you provide, then sell or use the information for malicious purposes. The email may spoof a name of a UI leader and ask you to do them an urgent favor or ask for information via a form. 

Several variations of fraudulent email messages claiming to be from UIOWA Support, UIOWA.EDU, Webmaster@uiowa, university leaders, etc. have been reported. Phishing emails claim you must either click on a link to log in to a website, or click on a link and provide personal information, such as your password, last four digits of your Social Security number, date of birth etc., or risk having your accounts deactivated or other words to try and scare you to giving out personal information. These are not legitimate messages.

Phishing can also come in the form of SMS text messages ("smishing"), where someone might send you a text message to your personal phone number or send an SMS text message to your email address. Usually these are targeted to specific employees that work with the person that they are trying to impersonate, that they can find from job posting websites and organizational charts. Smishing attempts often ask for someone to go out and purchase something for them such as gift cards or provide personal information. These are not legitimate, especially if the person has not contacted you outside of work or class before or the text messages are coming from a strange number.

ITS will never ask you to send passwords or any other personal information in an email. Be cautious of links in email messages that take you to websites that ask for your HawkID.

NEVER respond to spam or phishing emails if you receive them. Responding to the message only identifies your email address as a target for future phishing schemes.  The best course of action is to just delete the message.

If you receive a suspicious SMS message that might be SMS phishing, do not respond to the sender and if necessary, contact the individual through a separate, trusted contact method such as a university email or work phone number to verify the request.

If you receive a phishing message, please follow the instructions on how to report a phishing scam.