Skip to toolbar

How to Recognize Phishing Emails

What is Phishing? phishing

“Phishing” emails seek to trick a user into divulging sensitive work information or personal information, such as usernames, passwords, Social Security numbers or credit card account information. Identity thieves then use a compromised user account to send spam and/or to steal using your own online identity.

Phishing emails falsely claim to be a legitimate enterprise or user. Phishing messages will direct the user to visit a fraudulent website to update or confirm account information. You may also see phishing emails that ask you to click on an accompanying a file attachment.

Recently there have been a number of phishing attempts that impersonate the University of Oregon’s Information Technology Services. You may also see phishing attempts that impersonate well known commerce websites, such as or

How to Recognize Phishing Emails

  • Check the name and email address of the sender: Often the identity thief uses an email that has nothing to do with the company, unit or group that oversees account management. Please note that some targeted phishing attempts, called Spear Phishing, are directed at specific individuals or companies. Attackers often gather personal or organizational information about their target(s) to increase their probability of success. This technique is, by far, the most successful on the internet today.
  • Look for overly generic content: You may see email subjects such as “ITS Service Desk” or “Your account has been disabled.” Phishing  emails often come from a group not a user that you can track down.
  • Look for misspellings or lapses in good grammar: Identity theft attempts often overlook proper spelling and grammar.
  • There is usually a threat of losing access: Phishing emails mention that your account is in danger of losing access or has lost access. This is to coerce the user into clicking on a contained link or attachment.
  • Check any links for their true web address: In most email clients you can move your pointer over the text of a link for a second and the program will reveal the full URL path of the link. By doing this you can tell if the text of the link is the same as the web address it is sending you to.  For example, try mousing over this link to see its true path:

Things to Keep in Mind

  • No one at the UO will EVER ask you for your password
  • All UO accounts are managed via the secure Duck ID website (
  • You should never click on a link to manage your ID. When in doubt about how to manage your account, you can always contact COEIT staff (, IT TechDesk staff (541-346-HELP / or go to the ITS TechDesk in Mckenzie Hall in person (151 McKenzie Hall)
  • Never open an email attachment, unless you are expecting it from a sender you know.

What if I get “phished”?

  • Do not worry; acting quickly to notify the appropriate support groups  (UO ITS /, COEIT / can get you back online within a few hours.
  • Notify the IT TechDesk, they will initiate a ticket to track the issue. They will request that you change your Duck ID password and security questions.
  • UO’s IT security group will contact you and COEIT about next steps relating to your desktop or laptop computer(s).
  • If an account has been compromised and is sending spam to others, UO ITS will deactivate the account. This means the user will not be able to access UO wireless networks, UO email, UO web services (e.g., logging into UO libraries databases) or Banner.