Preventing Phishing

AdobeStock image of hook with the atsign for phisihing

What is Phishing

Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action. The term originally described email attacks that would steal your online username and password. However, phishing has evolved and now refers to almost any message-based attack.

Phishing attacks attempt to target your payment card data, gain control of your device or access your accounts. More than 90% of data breaches started with a phishing scam. These attacks begin with a cyber criminal sending a message pretending to be from someone or something you know, such as a friend, your bank, your company or a well-known store.

Recognize a Phishing Attack

  • A URL inconsistent with the message (for example, a message that claims it is from the service desk but does not include ucdenver.edu or cuanschutz.edu in the URL)
  • Spelling errors, poor grammar and odd formatting
  • A reply-to email address that is not from "ucdenver.edu" or "cuanschutz.edu"
  • A request for a password or other sensitive data
  • Generic greetings, like "Dear customer"
  • Threat to delete account if no action is taken 

How to Know if Your Account is Compromised

  • You are unable to login to your account because a hacker changed the password or your account is clearly disabled or locked
  • You are unable to send an email to external addresses because Microsoft has blocked it
  • You notice missing emails or returned undelivered emails
  • You find an unknown forwarding email or deleting email rule in place
  • You see multiple unknown sent items appear in the “Sent Items” folder

Report a Phishing Attempt

The following steps outline how to report suspected junk or phishing emails to Microsoft and the Security Operations team. Depending on your Outlook client version, there will be three options to report suspected junk or phishing messages. You can use the built-in "Report" button along the top toolbar; the "Report Message" add-in; or you can right-click the message, hover over "Report" and choose "Junk" or "Phishing."

If you believe a message has been marked as junk by mistake you will have the option to report messages as "Not Junk" while in the Junk folder.

 

Outlook on the Web or Outlook Web Client

Use the "Report" button which gives the options "Report phishing" or "Report junk".

reporting phishing step #1

 

Windows Desktop Outlook Client 

Use the "Report Message" and choose either "Junk", "Phishing", or "Not Junk".

phishing step #2

 

Microsoft Outlook for Mac

The options to report phishing below will depend on what version of Outlook you have.

Use the "Report" button which gives the options "Report junk" or "Report phishing" or use the "Report Message" button and choose either "Junk", "Phishing", or "Not Junk".

phishing reporting step #3

 

If your workstation has been attacked:

  1. Stop all actions. Do not turn off the computer.
  2. Contact the Service Desk at 303-724-4357 (4-HELP, if on-campus) and report the incident.

Information Security and IT Compliance

CU Anschutz

Education II North

13120 East 19th Avenue

5th Floor

Aurora, CO 80045


CMS Login