Phishing Email

If it smells phishy, report it! 

  • What is a phishing email?

    Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic. There are two types of phishing emails:

    • Emails that ask you to reply to the message with confidential information, such as your user ID and password. Never respond to any email with confidential information. UH and other legitimate businesses will never ask for this information via email.
    • Emails that ask you to click on a link to a webpage, which then asks you to provide confidential information. Many times these webpages look like legitimate sites, such as Bank of America or PayPal, but they are not. When you provide your user ID and password, this information is captured by the phisher, who can then use it to log into the legitimate site.
  • How to identify a phishing email?

    • Use your mouse to hover over links in an email - This will show you the actual website you will be directed to if you click on the link.
    • Check the Sender's Email Address - Verify the sender's email address carefully. Look for any unusual characters, misspellings, or domains that seem suspicious.
    • Attachments - Avoid opening email attachments from unknown senders. Verify the legitimacy of the sender before downloading and opening any attachments.
    • Requests for Personal Information - Legitimate organizations won't ask for sensitive information like passwords or social security numbers via email. Be cautious if you receive such requests.
  • How to report a phishing email

    • Option 1 (Preferred): You can submit the email to our security system by clicking on "Report Suspicious Email" as shown below:
      This functionality is available for Outlook on Windows, Mac, Web, iOS, Android.
    • Option 2: Send the email as an attachment to your university's security mailbox (security@uh.edu, security@uhcl.edu, security@uhd.edu, security@uhv.edu) for a security analyst to review.