What

phishing: the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Have you noticed the gobs of phishing emails that have been going around lately? And it only gets worse with holiday and charity phishing scams.

Why

Phishing emails cost people time and are a big security threat. Think about the damage someone with malicious intent can do with your University internet ID and password. They can send email as you, log in to University systems, even change your direct deposit!!

So let's be phish-proof! It's easy!

How to

Here are the four easy steps to becoming completely phish-proof!


  1. Check the Grammar. A lot of phishing emails are written to try to sound professional and official, but make sloppy grammatical mistakes. A real email from your University tech professionals would be clear and proof-read.
  2. Check the Sender. Modern phishing emails are often from someone you know (because that person responded to a phishing email with their ID and password). But is it someone you know would email you about your inbox quota or password expiring (etc)? Usually not!
    Also remember, scammers can cut and paste Regents' copyright, wordmarks, etc, just as easy as anyone!
  3. Hover over the link. The phishing email will undoubtedly give you a link to use to reset your password, login to check your storage quota, etc. If you hover your mouse (don't click!) over any link in your email, you should see (usually at the bottom of the window) where the link is going to take you. A sure sign of phishing is for this link to NOT end in UMN.EDU.
  4. Report it. Always forward U of MN phishing emails to phishing@umn.edu. This address is closely monitored and security personnel can immediately stop traffic to the malicious link from the University network as damage control. If in doubt about a possible phishing email, always contact an IT professional!