Microsoft Outlook has a built-in option to report suspicious emails. But first, it’s always a good idea to forward it to the UIS Service Desk. We inform the Office of Information Security if we see any trends happening.

What is a phishing email?

Phishing is a type of online scam. Cybercriminals use deceptive tactics to manipulate people into giving them access to their money or information. According to a 2020 report by Verizon, phishing scams continue to be the top cause of incidents and breaches in the education sector. Motivated by financial gains, cybercriminals primarily targeted personal information and account credentials.

How do I know if an email is a phish or a legitimate message?

If something seems suspicious, it probably is. If you aren’t sure, you can still forward it to the UIS Service Desk and we’ll look into it for you.

We ask all CU employees to be conscientious when opening emails, even from known senders. One tactic often found in phishing scams is a directive that appears to come from your supervisor or a university leader. Fraudsters are getting more creative, as more people know not to open malicious links or attachments they weren’t expecting.

Keep in mind: No one from UIS will ever ask for your passwords. Any email asking for your password is a phishing attempt.

What should I do when I receive a suspicious email?

At a minimum, delete the email. We appreciate receiving phishing emails so that the Office of Information Security can track trends and inform others as needed. You can also report the email to Microsoft by clicking Report Phishing or Report Message in Outlook’s Reading Pane.

The Report Message offers a few additional options, such as “Report spam.” Once the email is reported, it will be deleted and its address blocked from sending you emails in the future. If you select Report Phishing, you will receive the following message:

Oh no, I opened a suspicious link or attachment! Now what?

Immediately report it as a possible incident. Reporting it immediately allows the information security team to act quickly, determine the level of impact and contain the incident. Visit the Report an Incident web page to learn more.

Information security incidents can happen to anyone. No retaliation will be taken against anyone who, in good faith, reports a possible information security incident.

To learn more about phishing emails and cybersecurity, visit the Office of Information Security.