Phishing is an identity-theft scam that uses "spoofed" or fake emails and Web sites to trick people into giving out personal information, such as credit card numbers, usernames and passwords, or social security numbers. Phishing is usually done by hijacking the brand identity of a bank or an online store in a spoofed email that is sent to large numbers of people. The email will usually contain a link to a Web page designed to look just like a legitimate company's site. A phishing scam will use this page to capture any information that you provide, then sell or use the information for malicious purposes.
Several variations of fraudulent email messages claiming to be from UIOWA Support, UIOWA.EDU, Webmaster@uiowa, etc. have been reported over the last several months. Phishing emails claim you must either click on a link to log in to a website, or click on a link and provide personal information, such as your password, last four digits of your Social Security number, date of birth etc., or risk having your accounts deactivated.
These are not legitimate messages.
ITS will never ask you to send passwords or any other personal information in an email.
Be especially cautious of links in email messages that take you to websites that ask for your HawkID.
NEVER respond to spam or phishing emails if you receive them. Responding to the message only identifies your email address as a target for future phishing schemes. The best course of action is to just delete the message.
"Spear phishing" emails are particularly difficult to block at the gateway because they are so targeted. However, ITS does its best to block these emails from coming through as soon as they are detected and to block responses to the address from which they are sent. If you accidentally replied to one to these messages with your password, change your Hawk ID password immediately at http://hawkid.uiowa.edu and contact the ITS Help Desk to report it as soon as possible.
See article 1416 for a common example of a phishing attempt email.
If you receive a phishing message, please follow the instructions at How to Report a Phishing Scam or Spam Email