Phishing

Fees
There is no charge for use of this service.
Current phishing examples seen on campus
Top tips to avoid phishing scams
How to report a phishing scam

What is phishing?

Phishing is an identity-theft scam that uses "spoofed" or fake emails and websites to trick people into giving out personal information, such as credit card numbers, usernames and passwords, or social security numbers. Phishing is usually done by hijacking the brand identity of a bank or an online store in a spoofed email that is sent to large numbers of people. The email will usually contain a link to a web page designed to look just like a legitimate company's site. A phishing scam will use this page to capture any information that you provide, then sell or use the information for malicious purposes.

Several variations of fraudulent email messages claiming to be from UIOWA Support, UIOWA.EDU, Webmaster@uiowa, etc. have been reported over the last several months. Phishing emails claim you must either click on a link to log in to a website, or click on a link and provide personal information, such as your password, last four digits of your Social Security number, date of birth etc., or risk having your accounts deactivated. These are not legitimate messages.

Phishing can also come in the form of SMS text messages ("smishing"), where someone might send you a text message to your personal phone number or send an SMS text message to your email address. Usually these are targeted to specific employees that work with the person that they are trying to impersonate, that they can find from job posting websites and organizational charts. Smishing attempts often ask for someone to go out and purchase something for them such as gift cards or provide personal information. These are not legitimate, especially if the person has not contacted you outside of work or class before or the text messages are coming from a strange number.

ITS will never ask you to send passwords or any other personal information in an email. Be cautious of links in email messages that take you to websites that ask for your HawkID.

NEVER respond to spam or phishing emails if you receive them. Responding to the message only identifies your email address as a target for future phishing schemes.  The best course of action is to just delete the message.

If you receive a suspicious SMS message that might be SMS phishing, do not respond to the sender and if necessary, contact the individual through a separate, trusted contact method such as a university email or work phone number to verify the request.

If you receive a phishing message, please follow the instructions on how to report a phishing scam.

Support Articles

General Support Information

How to Report a Phishing Scam or a Spam Email
Fraudulent Emails Claiming to be from University Administration
How to Recognize and Avoid a Phishing Scam
Understanding website names - what the three-letter extensions mean
[External] Email Tag in Message Subject

Security

Phishing Examples
SMS Phishing Examples
LinkedIn Learning Video Tutorials
Cybersecurity Awareness Course: Phishing and Whaling
Avoiding Phishing Scams
Featured

How to prevent spear-phishing

Monday, November 7, 2022 - 6:00am
You may be familiar with phishing—scam emails (or direct messages, or social posts) that try to con you into giving up a password, downloading malicious software, or otherwise opening yourself up to a cyber-attack. But have you heard of spear-...
Close up of a laptop keyboard in eerie blue light

A four-step cybersecurity plan

Monday, October 24, 2022 - 11:45am
October is Cybersecurity Awareness Month , an annual reminder that virtually everyone needs to recognize and confront online threats. Big data breaches, ruthless ransomware attacks, and even cyberwarfare get all the headlines. But most cybersecurity...
Padlock lying on a computer keyboard
Featured

Four ways to protect yourself from phishing

Tuesday, April 12, 2022 - 11:36am
The University of Iowa email system receives more than 2.5 million messages per day, but about 69 percent never reach inboxes. Screening systems flag them as spam or scams—they’re discarded before they can do harm. But some deceptive and dangerous...
magnifying glass and lock icons to depict security awareness

Learn How to Stop Tax Scammers

Tuesday, March 8, 2022 - 12:10pm
As you file your taxes or await your refund, look out for tax-related scams which could put your identity and finances at risk. Tax season typically brings a surge in phishing attempts , including fraudulent emails that try to steer you to shady...
Calculator and tax forms

Protect yourself from tax-season scams

Wednesday, December 1, 2021 - 1:51pm
Be vigilant of unexpected or suspicious emails, text, or phone calls requesting personal or financial information this time of year, when cyber criminals develop income tax scams.
Caution cone on keyboard
Featured

ITS ramps up email security efforts to fight phishing

Monday, February 25, 2019 - 11:52am
External email tags set to begin March 5 To combat phishing and help students, faculty, and staff identify potentially fraudulent email, external email tagging will be enabled on Tuesday, March 5, 2019. Messages sent from outside the University of...
[External] tag in subject lines circled in red

Avoid holiday cybercrime

Wednesday, December 6, 2017 - 4:35pm
Cyber criminals love to take advantage of the holiday season. People are busy and perhaps less vigilant—particularly given the volume of email advertisements and online transactions happening this time of year. University IT security experts are...
Tree ornament
Featured

Two-Step Login expands to MAUI, ICON, and MyUI

Thursday, June 8, 2017 - 10:33am
The University of Iowa has expanded Two-Step Login to web-based applications, including MAUI, ICON, and MyUI, and campus cyber-security experts advise all UI faculty, staff, and students to enable the feature for these applications. Two-Step Login...
Man holding a smartphone with laptop computer on table in the background.

IT security advisory: password change recommendations

Friday, April 11, 2014 - 1:49pm
The Heartbleed security flaw affects websites across the Internet. Users are changing their passwords as sites install patches to protect against the flaw. Image via Wikimedia Commons. As you have likely heard in the news, IT security researchers...
Heartbleed bug graphic

It’s a Jungle in There, Part II: strengthening your defenses

Thursday, January 2, 2014 - 10:20am
One aspect of protecting yourself from cybercriminals is learning to spot a scam—being very skeptical of too-good-to-be-true offers, urgent pleas for money, or warnings that your account is over quota or compromised. If an email is at all suspicious...
it's a jungle in there - ITS Security

UI adds IT security measures, offers tips after 'phishing' scam

Thursday, November 21, 2013 - 9:41am
University of Iowa officials are enhancing security and reminding campus technology users how to avoid being duped after a number of employees became victims of a recent “phishing” scam. Phishing uses “spoofed” or fake emails and websites to trick...

IT security office warns of e-mail scams, urges caution

Thursday, October 31, 2013 - 2:33pm
A series of convincing scams is tricking UI e-mail users into providing their login or other personal information to data thieves, and the IT security office urges the campus to exercise caution. The latest scams have used familiar terms like ITS...

Protect yourself from phishing scams

Tuesday, November 6, 2012 - 1:58pm
Have you ever opened your inbox to find an e-mail encouraging you to take advantage of a work-from-home opportunity that pays incredibly well? Or perhaps a message from a poor soul claiming to be stranded far from home and pleading for your...

Phishing Contact Information

If you are unsure if an email is phishing, contact your local IT support person or the ITS Help Desk.