Phishing
Phishing is an attempt to trick you into revealing private information. Emails, texts, or phone calls can “fish” for information by trying to lure you into giving passwords, credit card numbers, etc., to a malicious third party.
OIT will never ask you for your password, DUO two-factor authentication, or any personal information, via unsolicited email, text, or phone call.
How to recognize a phishing attempt
If you receive a suspicious email and are uncertain of its validity, please let us know! Follow the instructions in the OIT Knowledge Base when reporting an email to OIT. Do not respond to the message or provide any information until you confirm the legitimacy of the message.
- Are they requesting personal information?
- Is there a sense of urgency?
- Who is the email from?
- Are there spelling and grammar mistakes?
- Are the hyperlinks within the email legitimate?
Don’t take the bait! Learn how to spot a phish; watch this video:
Download the PDF or, read about it here.
What to do if you receive a suspicious email
- Check to see if the email has been reported on OIT’s System Status Center: Recent Email Scam.
- Report suspicious emails and phishing scams to OIT using the Report Message button in Outlook and the Report Spam button in Gmail; follow the detailed instructions in the OIT Knowledge Base.
- If you think the message might be legitimate, or if you are worried about the consequences of ignoring it, look up the organization independently and contact them directly.
- Do not click on links or call phone numbers provided in the message. They may redirect you to fake sites that mimic the real thing.
- Do not send your password via email.
Questions about Phishing
There will be times when legitimate messages must be sent to inform you of necessary changes to your accounts. These may include password expiration notices, account expiration notices, or information about account abuse.
It is very important to remember that OIT will never ask for your password in an email. Any NetID password change will always take place on the Account Management web page. If you are ever in doubt about the legitimacy of a potential phishing email, call the OIT Help Desk at 865-974-9900 or forward the email with its headers to abuse@utk.edu.
In the case of banking, the results are obvious: the scammer now has access to your money. However, in a university what they gain access to is a bit different and could cause damage to both yourself and others. They could potentially gain further information about you and your friends/coworkers that they could use to steal more identities. They gain access to your email, allowing them to read and send messages on your behalf, including high quantities of spam. They will have access to UT services that you are authorized to use and could do things like change your insurance beneficiaries, emergency contact information, your course selections, etc. They could also lock you out of your account by changing your password.
Often, once a hacker has your NetID and password, they will use YOUR email account to send huge volumes of spam. This could result in UT email being blocked by some sites, preventing legitimate email from being delivered for multiple days. If OIT receives a report that your account has been compromised in this manner, we will block all access (including your own) to your account, and you must contact the OIT HelpDesk to request your access to be restored.
If you provided debit or credit account information, contact your financial institution immediately. If you provided your username and or password, contact the institution or organization that the account is associated with and they can assist you in resecuring your account.
With each new email scam that we observe, the OIT will block the links in the message from the campus network to ensure that additional accounts are not compromised. If the link is hosted on a legitimate service, such as weebly.com, we will contact the hosting service and ask them to remove the site.
OIT system administrators also analyze the message and make configuration changes to attempt to block future messages, while being careful NOT to block legitimate email.
Unfortunately, it is impossible to predict what the next scam will look like or where it will come from, so we are unable to stop some of these messages from getting through to your mailbox. When they do, use the delete key.
If you have followed the link on a suspicious email or have noticed unusual activity relating to your account, you may have been compromised. If this is the case, you should take the following steps to protect yourself:
- Change your password at directory.utk.edu/passwords – You may want to do this from a computer you know is secure, so that if your machine itself is infected, your password will not become compromised.
- Run a virus and malware scan – Even if you believe that only your email was compromised it never hurts to run a virus and malware scan to ensure that your machine is clear of infections.
- Contact OIT if you believe that your computer was compromised or if your virus and malware scans turned up an infection.
- Faculty and Staff using university-owned computers should contact the OIT HelpDesk.
- Students should visit the OIT Student Computer Support Center on the 2nd floor of Hodges Library. Hours of operation.
Once you have completed these steps, please contact the OIT HelpDesk for assistance in checking your account for any malicious modifications.