Spammers are becoming more and more sophisticated in their methods to get people to reveal sensitive information. Common examples include:
- Phishing scams are an attempt to steal information, such as usernames, passwords, or other personal information, by sending official-looking emails from University administration, the IRS, or other professional entities. A good rule of thumb is that any email that asks for personal information is likely fraudulent.
- Spam emails are often attempting to sell products or drive traffic to a website. Spam emails are considered more of an annoyance than malicious, though websites linked in spam emails could contain malware or viruses. You can delete the messages, create a rule to mark as spam, or report directly to Microsoft (see below).
- Social engineering attacks are methods that try to get people to correspond to an account that seems credible but isn't and reveal sensitive information or click on malicious links. See Social Engineering Attacks: Common Techniques & How to Prevent an Attack for more information.
- SMiShing is using text messages to either get someone to take action or click a link to compromise their account. See What is Smishing for more information.
Current phishing examples seen on campus: email, text message/SMS
Check these pages for some recent messages. If you get a suspicious email or text message but don't see it listed, do NOT assume it is safe.
See How to Recognize and Avoid a Phishing Scam for more details.
If you are having issues with spam phone calls, see Blocking Incoming Telephone Calls
-
From your Inbox, open the phishing message
-
Click the down arrow next to the More icon and click Forward as Attachment or press CTRL + ALT + F
(depending on your view, you may need to click the three dots (…) and select Forward as Attachment)
(Mac Outlook users -in the Inbox list, press CTRL+click on the message and choose Forward as Attachment)
-
This will now show as an empty email with the phishing email as an attachment.
-
Send the email to the ui-phishing@uiowa.edu email address.
OWA users
- Click the Report button
- Select Report Phishing
Please note:
-
For more detailed instructions on attaching the email using various email apps see How do I forward an email with full headers?
-
iOS and Android users: login to the Office 365 web app (OWA) via https://office365.uiowa.edu to forward an email with full headers or use the OWA users instructions above
- Take a screenshot of the phishing text messages on your personal device:
- Send the screenshots to ui-phishing@uiowa.edu, along with any other details about the messages, such as if they were sent to other individuals.
- If the SMS phishing message is sent to your email address, follow the steps for email phishing above to forward the email as an attachment. See Current SMS Phishing Examples for how to identify these types of messages.
-
Select the message that is junk and move it to the Junk Email folder. Moving a message to the Junk Email folder will automatically be reported to Microsoft.
OR
-
Use the Report Message Add-In feature
For more information about managing your Junk Email, see How Do I Manage Junk Email and Spam?