What is spoofing and phishing?
Both spoofing and phishing are based on an email sender (hacker) being able to deceive the recipient (you) to gain access to sensitive information or data. Spoofing's purpose is to trick the recipient into downloading or executing a malicious file, whereas phishing's purpose is to trick the recipient to willingly provide sensitive information or data.
I am suspicious of an email. What do I do?
Emails that are suspected to be spoofing or phishing should be reported using the Report Phish button.
Found on the Home Toolbar in Outlook application.
Found on the Banner Strip in Outlook online.
Other tips to protect yourself from email attacks
- Do not respond to an email (or click on a link) that asks you to validate your information and then asks for IDs, passwords and other sensitive information. UNMC and Nebraska Medicine Information Technology Services will not ask for this information in an email.
- Do not click on unknown links or attachments, as these can be disguised to make them appear legitimate.
- Do not enter information in a pop-up.
- Do not respond to or take actions on emails regarding urgent requests or wire transfers.
- Emails with poor spelling and grammar are red flags that the email is a scam. Delete it immediately.
- Do not send personal information in an email or through an unsecured website. Only enter sensitive data if you trust the website AND if it has a lock icon in the URL.
- Always check to see who the email is coming from. It is common for an attacker to pretend they are someone you may know such as a colleague, manager, leader, etc. Do not respond to these emails! If you believe the email is legitimate, contact the sender by a known phone number to verify the individual and request.