Learn About Phishing
Phishing is a fraudulent cyber attack method employed by scammers and hackers to deceive users into disclosing sensitive information, such as passwords, credit card numbers, or personal data.
Typically, phishing attacks are conducted via email, instant messaging, or other electronic communication channels, with perpetrators masquerading as legitimate entities, such as financial institutions or reputable organizations.
These fraudulent communications often contain urgent or enticing requests, prompting recipients to click on malicious links, download harmful attachments, or divulge confidential information.
Phishing exploits human psychology, leveraging emotions like curiosity, fear, or a sense of urgency to manipulate individuals into compromising their security. Being vigilant and aware is essential in identifying and preventing phishing attempts to safeguard personal and organizational integrity.
- Take your time: A minute of caution now can save you from the embarrassment and frustration of losing private data to a criminal.
- Look for anomalies: Ask yourself: is there anything out of the ordinary about this email? Were you expecting it? Is it written in the sender’s voice, or does it sound “off”? Are there grammar or spelling errors? Are the logo and branding different from usual, or even missing altogether? Professional places of business will rarely allow even one mistake in their emails.
- Check the sender's email address: Does the address match the sender's organization exactly? Phishers often use email addresses that look similar to legitimate ones but contain slight misspellings or unusual domain names, like "susan@amazon.com.net" or "susan@grnail.com".
- Notice urgency & fear tactics: Be cautious of emails or messages that create a sense of urgency or fear, such as threatening consequences if you don't act immediately. Messages that urge you to act quickly before a deal ends, an account closes, or some other consequence strikes should raise a red flag. Legitimate organizations typically do not pressure you to take immediate action or threaten you. Don't accept any "free" offers or make any account changes you aren't absolutely sure you signed up for.
- Beware requests for personal information: Reputable organizations, like banks, government institutions, large companies, and your university, will never pressure you to divulge credentials or information, and certainly not in a single urgent email. Do not comply with such requests, especially if they claim there's a problem with your account.
- Check any URLs or attachments: You can hover your mouse over a link or button to see where it goes (or press and hold on a mobile device) before clicking. Phishing emails often contain links that lead to fake websites designed to steal your information. Avoid opening attachments from unknown or unexpected sources, as they could contain malware.
- Ask the human: Phishing emails are often scammers posing as people or organizations they think we are affiliated with. Just because an email seems to be from someone you know does not mean it is safe. Contact them externally to ask if the email is really from them. They will most likely say no.
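For mail administrators, the sender-address check above can also be done by a script. The following is an added example, not part of the original page: it flags the two patterns quoted in that tip, a trusted name embedded in a longer domain and a look-alike spelling. The trusted-domain list, the confusable-character table, and the sample addresses are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption: domains this organization trusts (constructed list for the example).
TRUSTED = {"amazon.com", "gmail.com", "byuh.edu"}

# Character sequences that are easily misread for another (small, non-exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    d = domain.lower()
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d


def classify_sender(from_header, trusted=TRUSTED):
    """Return (verdict, trusted_domain_being_imitated_or_None)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match, or a real subdomain of a trusted domain.
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        # Trusted name used as the left-hand labels of someone else's domain.
        if domain.startswith(t + ".") or "." + t + "." in domain:
            return ("embedded", t)
        # Same appearance after collapsing confusable characters.
        if skeleton(domain) == skeleton(t):
            return ("lookalike", t)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample From: headers, including the two addresses quoted above.
    for header in ["Susan <susan@amazon.com>", "susan@amazon.com.net",
                   "susan@grnail.com", "it-help@byuh.edu", "bob@example.org"]:
        print(f"{header:28} -> {classify_sender(header)}")
```

A "trusted" verdict only means the domain text matches the list; it does not prove the message really came from that domain.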
To test your ability to identify phishing emails, take five minutes to try Google's helpful phishing quiz. The quiz provides an up-to-date look at what tactics online criminals will use to try to harm you.
If you think an email or message you've received seems suspicious, please forward it as an attachment to phishing@byuh.edu or ulua@byuh.edu for review.