Phishing is an attempt to trick you into revealing private information. Emails, texts, or phone calls can “fish” for information by trying to lure you into giving passwords, credit card numbers, etc., to a malicious third party.
What to do if you receive a suspicious email
- Check to see if the email has been reported at utk.edu/status.
- Report suspicious emails and phishing scams to firstname.lastname@example.org. Once reported, delete the message.
- If you think the message might be legitimate, or if you are worried about the consequences of ignoring it, look up the organization independently and contact them directly.
- Do not click on links or call phone numbers provided in the message. They may redirect you to fake sites that mimic the real thing.
- Do not send your password via email.
How to recognize a phishing attempt
If you receive a suspicious email and are uncertain of its validity, please forward it to email@example.com. Do not respond to the message or provide any information until you confirm the legitimacy of the message.
- Are they requesting personal information? Red flag! Trustworthy companies and organizations will never ask you for your password, social security number, or any personal information via email.
- Is there a sense of urgency? Scammers use threats and urgency to scare you into acting immediately. If you are concerned, always contact the organization directly whether by phone or online. Never reply to a suspicious email.
- Who is the email from? Hover your mouse over the name of the sender in the From column to reveal the email address of the sender. While it may appear to come from a person, business, or organization you recognize, the ending of the email address may look suspicious.
- Are there spelling and grammar mistakes? While messages are becoming more sophisticated, scammers often misspell words.
- Are the hyperlinks within the email legitimate? Hover your mouse over hyperlinks to reveal the URL. Is it a utk.edu or tennessee.edu website? If not, it may not be legitimate. Often the hyperlink will lead to a fraudulent site. To be safe, visit websites directly by opening a new window and typing the URL, or go to the company’s website directly for assistance.
Questions about Phishing
There will be times when legitimate messages must be sent to inform you of necessary changes to your accounts. These may include password expiration notices, account expiration notices, or information about account abuse.
It is very important to remember that OIT will never ask for your password in an email. Any NetID password change will always take place on the Account Management web page. If you are ever in doubt about the legitimacy of a potential phishing email, call the OIT Help Desk at 865-974-9900 or forward the email with its headers to firstname.lastname@example.org.
In the case of banking, the results are obvious: the scammer now has access to your money. However, in a university what they gain access to is a bit different and could cause damage to both yourself and others. They could potentially gain further information about you and your friends/coworkers that they could use to steal more identities. They gain access to your email, allowing them to read and send messages on your behalf, including high quantities of spam. They will have access to UT services that you are authorized to use and could do things like change your insurance beneficiaries, emergency contact information, your course selections, etc. They could also lock you out of your account by changing your password.
Often, once a hacker has your NetID and password, they will use YOUR email account to send huge volumes of spam. This could result in UT email being blocked by some sites, preventing legitimate email from being delivered for multiple days. If OIT receives a report that your account has been compromised in this manner, we will block all access (including your own) to your account, and you must contact the OIT HelpDesk to request your access to be restored.
If you provided debit or credit account information, contact your financial institution immediately. If you provided your username and/or password, contact the institution or organization that the account is associated with, and they can assist you in re-securing your account.
With each new email scam that we observe, OIT will block the links in the message to ensure that additional accounts are not compromised. If the link is hosted on a legitimate service, such as weebly.com, we will contact the hosting service and ask them to remove the site.
OIT system administrators also analyze the message and make configuration changes to attempt to block future messages, while being careful NOT to block legitimate email.
Unfortunately, it is impossible to predict what the next scam will look like or where it will come from, so we are unable to stop some of these messages from getting through to your mailbox. When they do, use the delete key.
If you have followed the link on a suspicious email or have noticed unusual activity relating to your account, you may have been compromised. If this is the case, you should take the following steps to protect yourself:
- Change your password at directory.utk.edu/passwords – You may want to do this from a computer you know is secure, so that if your machine itself is infected, your password will not become compromised.
- Run a virus and malware scan – Even if you believe that only your email was compromised, it never hurts to run a virus and malware scan to ensure that your machine is clear of infections.
- Contact OIT if you believe that your computer was compromised or if your virus and malware scans turned up an infection.
- Faculty and Staff using university-owned computers should contact the OIT HelpDesk.
- Students should visit the OIT Student Computer Support Center on the 2nd floor of Hodges Library.