Recognize and Report Email Scams

Phishing is a common scam tactic to trick you into revealing sensitive data by visiting a fraudulent website, opening an infected document, or logging in to "validate your email account."

Challenge

A friend or colleague shared a document with you! Log in now or your account will be shut off! Click this link to view a secret message! 

Is the email real? How do you know? 

In a phishing scam, an attacker sends an email or other electronic message posing as someone their target may know or on behalf of a legitimate organization. Their goal is to trick people into revealing sensitive data such as their banking/credit card details, personal or sensitive information, and usernames/passwords. That information is then used to access important accounts and can result in identity theft and financial loss. 

These emails, websites, documents, or login pages may be obviously phony, but others may look just like the University’s login page. Higher education institutions are popular targets for phishing.

Solutions

Recognize Phishing Scams

• You receive a message you were not expecting.
• You receive a message with strange or unexpected content, or is delivered in an unusual way. 
  • It contains a link that, when you preview by hovering your cursor over it, shows a URL that seems strange or unusual.
  • It appears to be from someone you know, but they reached out in an unusual way, such as over text instead of email.
  • It appears to be from someone you know, but the language or tone is different from how they usually communicate.
  • It appears to be from a real organization, but the message has misspellings and grammatical errors, or contains unusual images or attachments.
  • It asks you to open a shared document you are not expecting, to bypass policy/procedures, or to keep something secret.
• Mismatch in the “From” name and the email address used. 
  • The displayed name is a University colleague, instructor, or friend, but is not sent from their known @umn.edu email address. 
  • Emails from high-ranking UMN employees or seemingly official senders like “UMN Edu Team,” “Security,” “HelpDesk,” but do not use an @umn.edu email address.
  • The message appears to be from a reputable company, like Microsoft or your bank, but the email address is from another email domain like gmail.com or microsoftsupport.ru. 
  • Watch for subtle misspellings of the legitimate email domain name, such as micros0ft.com where the second "o" has been replaced by a “0”.
• Emails that prompt you to log in to something in an unusual or suspicious way, such as:
  • Via an emailed QR code or Google form.
  • Over text message.
  • From a link to a login page not ending in “.umn.edu” where you need to input your Internet ID, password, and a Duo Passcode.
• You receive a message that elicits a high sense or urgency or threatens negative consequences if you do not act quickly.

Check the examples on the Phishing Scams Targeting the University blog.

Learn what you can do to manage spam emails.

Take Immediate Action If You Think You Are a Victim

If you suspect you’ve fallen for a phishing attempt, email University Information Security (UIS) right away at [email protected] or contact Technology Help at [email protected] or call 612-301-4357.

Change your University internet password and account secrets immediately on the Internet Account Options page if you:

• Approved a Duo prompt (Push or Phone Call) that you did not initiate.
• Were asked to enter a 6-digit Duo Passcode when you don’t normally use them.
• Replied to a scam email with your personal information or clicked on a suspicious link.
• Opened an unexpected attached file or shared document from an email.

Visit identitytheft.gov to learn about immediate protective actions you can take.

Report Email Scams

• If in doubt, reach out! Ask University Information Security (UIS) for a second opinion by forwarding the original email to [email protected].
   
• Help educate Google’s filters by selecting the Report spam button, or More and then Report phishing option, in Gmail.