What to Do If You Suspect Email Phishing at UCR

What is email phishing?

With electronic mail being a mainstay of personal and professional communication, malicious actors often utilize email in an attempt to steal personal or private information. Phishing emails are crafted to look legitimate but contain malicious programming or content used to capture sensitive data, which can put you and your workplace at risk.

How to identify email phishing?

Fortunately, there are simple ways to spot a phishing email. Here are some warning signs to look out for:

• Bad grammar or punctuation 
• Strange fonts or paragraph spacing 
• Slightly modified email addresses 
• Forms that ask for sensitive information like usernames and passwords
• Links to strange websites
• Requests for money from what appears to be a “trusted” person
• Language that creates a sense of urgency or ultimatum (i.e., "If you do not respond immediately you will be sent to collections")

If you believe you have received a phishing email, please consider the following:

1. If the potential phishing email appears to have come from an individual on-campus, don’t reply directly to the email.
   1. Pick up the phone and call the sender to verify its legitimacy.
   2. Create a new email and send it to the official address of the sender (see UCR Profiles) to verify its legitimacy.
2. Remember, while there may be some similarities, email spam is not phishing. Here are some key differences between the two.

Notifying the UCR Information Security Office of Phishing Emails.

After considering all of the information above, if you still believe you have received a phishing email, please immediately notify the UCR Information Security Office (ISO). Instructions on how to notify the ISO can be found in this article - How to notify the UCR Information Security Office (ISO) of Suspected Email Phishing