Phishing Attempts
Phishing is when cybercriminals attempt to gain sensitive information from an individual. This includes phishing for passwords, usernames, and other personal information. As a member of the university (faculty, staff, students, and researchers) it is your responsibility to protect your data and information to prevent cyber threats.
Remember that legitimate companies and organizations will never ask for passwords, social security numbers, and other sensitive data via email.
How to know if your account is compromised
Can’t login to your account because hacker changed the password or it’s clearly disabled or locked; Can’t send email to external addresses because Microsoft blocked it; Notice missing emails or returned undelivered emails; Find an unknown forwarding email or deleting email rule in place; See multiple unknown sent items appear in the “Sent Items” folder.
Don't take the bait
Cybercriminals use phishing—a type of social engineering—to manipulate people to click a link, open a file or share their username and password. Phishing attacks attempt to target your payment card data, gain control of your device or access your accounts. More than 90% of data breaches started with a phishing scam. Additional information about keeping your information secure is available on the CU Office of Information Security webpage.
How to recognize a phishing attack
A URL inconsistent with the message (for example, a message that claims it is from the service desk but does not include ucdenver.edu or cuanschutz.edu in the URL); Spelling errors, poor grammar and odd formatting; A reply-to email address that is not from "ucdenver.edu" or "cuanschutz.edu"; A request for a password or other sensitive data; Generic greetings, like "Dear customer"; Threat to delete account if no action is taken.
User Reported Phishing Attempts
The following steps outline how to report suspected junk or phishing emails to Microsoft and the Security Operations team. Depending on a user's Outlook client version, there will be three options to report suspected junk or phishing messages. You can use the built-in "Report" button along the top toolbar; the "Report Message" add-in; or you can right-click the message, hover over "Report" and choose "Junk" or "Phishing."
If you believe a message has been marked as junk by mistake you will have the option to report messages as "Not Junk" while in the Junk folder.
Outlook on the Web or Outlook Web Client
Use the "Report" button which gives the options "Report phishing" or "Report junk".
Windows Desktop Outlook Client
Use the "Report Message" and choose either "Junk", "Phishing", or "Not Junk".
Microsoft Outlook for Mac
The options to report phishing below will depend on what version of Outlook you have.
Use the "Report" button which gives the options "Report junk" or "Report phishing" or use the "Report Message" button and choose either "Junk", "Phishing", or "Not Junk".
If your workstation has been attacked
- Stop all actions. Do not turn off the computer.
- Contact the OIT Service Desk at 303-724-4357 or 4-HELP and report the incident.
Get Help
Phone Support
303-724-4357 (4-HELP)
7:30 a.m. - 6 p.m., M - Th
7:30 - 5 p.m., Fri
Chat Portal
Start Chat
8 a.m. - 7 p.m., M - Th
8 a.m. - 5 p.m., Fri
Noon - 5 p.m., Sat
Self Service Portal
Submit a ticket
Email the Service Desk
24/7 access to the OIT Service Center