Beware of phishing attempts during the holidays

The University community is reminded to remain vigilant throughout the holidays as cybercriminals use this time of year to target people with phishing scams. Learn how to detect and report suspicious activity.
a computer login screen with suspicious symbols surrounding the monitor

From online shopping to working and studying, the University community is encouraged to remain on high alert for suspicious emails or activity that may compromise our organizational data or employee information. Experts from University of Miami Information Technology Department (UMIT) share tips on how to detect and report phishing and other suspicious activities.

Report suspicious activity.

  • If you suspect a message to be a phishing attempt, quickly report it using Outlook's "Report Message" feature.
  • If you are not using Outlook, or if you cannot determine if an email is legitimate or not, please forward the email to phish@miami.edu to notify the University's cybersecurity team.

Review email best practices.

  • Do not click on links or attachments from senders that you do not recognize.
  • Do not provide sensitive personal information (such as usernames and passwords) to anyone.
  • Do not try to open any shared document that you were not expecting.
  • Be suspicious of emails where the name and email address are different. For example, the sender's name is Sebastian Ibis, but the email address is Jane.Doe@gmail.com.
  • Emails coming from outside the organization will have a banner like the one below:external sender banner

 

Learn the top 10 things to look for in a scam. 

1. Do not trust the display name to determine the sender of the email.

Just because the email says it is coming from the name of a person you know or trust does not mean that it is genuine. Be sure to look at the email address to confirm the true sender.

2. Look but do not click.

Hover your cursor over parts of the email without clicking on anything. If the text looks strange or does not match what the link description states, do not click on it. Instead, report it to phish@miami.edu.

3. Check for spelling errors.

Attackers are often not concerned about spelling words properly when writing emails.

4. Consider the salutation.

Is the address general or vague? General greetings such as "To Valued Customer" or "Dear [Insert Title Here]" could indicate that the email is not legitimate.

5. Is the email asking for personal information?

Legitimate organizations are highly unlikely to ask for personal information through an email.

6. Beware of urgency.

Phishing emails will often use language to imply an emergency.

7. Check the email signature.

Most legitimate senders will include a full signature block at the bottom of their emails.

8. Be careful with attachments.

Attackers may try to use enticing names on attachments. Use caution when opening files with fake icons or long and unusual file names.

9. Do not believe everything you see.

When an email seems slightly out of the norm, it is better to be safe than sorry. If you see something that could be unusual, it is best to report it to the UMIT Service Desk at help@miami.edu.

10. When in doubt, contact the UMIT Service Desk.

No matter the time of day, the UMIT Service Desk encourages you to report anything of concern.

Visit it.miami.edu for more information on resources and support from UMIT.