Phishing is an attempt to steal sensitive information such as usernames, passwords, social security numbers, credit card numbers, and others via social engineering tactics.

Typically the attacker communicates via email or text messages.

Tips for protection

  • Always be cautious of who you communicate with. Confirm the sender is a trusted source – when in doubt, verify first.
  • A quick google search of the contents could tell you if other people have received similar-sounding messages.
  • Think carefully about what kind of information the email or link is requesting and who is sending it. Some entities, such as the IRS, explicitly state on their official website that they will NEVER communicate with you via email, text, or social media.
  • Even if the email looks like it coming from an official source, always closely examine the sender address and the address of any hyperlinks in the email.

Hyperlink text can easily be changed to obfuscate the original link. If you notice a suspicious hyperlink:

Right-click on the link.

Click “Copy URL”

Paste this link into a text editor such as notepad or Microsoft Word to see the real address.

Below are examples of phishing emails.

  1. In this email, the attacker tried to spoof an email address to make it appear as if it were coming from the service desk. If they succeeded in getting a user to click on the link, they would have obtained the user’s credentials if the user entered them into their fake website.
Example email 1
  1. In the following email, the attacker tries to impersonate the IRS. The link leads to a copycat page that uses same images and layout as the official IRS page.

Please note that the IRS will never send messages through email, text or phone as per their official site.

Reporting Phishing

If you receive spam or phishing emails, please delete them immediately. Do not click on any link included in the email.

For step by step instructions on how to report phishing, visit the service desk’s knowledge base. If you need any further assistance on reporting phishing, please contact the service desk.

What to do if you’ve responded to a phishing email:

If you already clicked on any links included in the email, please reset your password immediately by going to our password reset site.

Additionally, if you have responded to any of these emails, please reach out to public safety with any questions or concerns.