Cybersecurity Focus: Stop Scammers and Recognize Phishing Attempts

Art Miller

Learn more about phishing at security.uark.edu.

Scammers launch thousands of phishing attacks every day. Phishing is the attempt to get passwords, credit card details, access to your device or other personal information by sending emails, instant messenger chats or text messages that appear to come from a trustworthy individual, business or institution.  

Phishing attempts are messages that tell you to click a link or open an attachment. For example: 

• You will lose access to your account.

• You must confirm personal information or pay an invoice.

• You are eligible for a coupon or gift card.

• Your family member needs help.

Some simple steps can help determine whether an email/message is legitimate or if it is a phishing scam. 

Verify contact information.

Legitimate email should include the sender's name and offer an alternative contact method other than replying to the email or clicking a link. When in doubt, do not click the link. Open your web browser and go directly to the company or department website for their correct contact information. 

Don't fall for the hype.

The email or text might claim that you will lose access to your email or bank account, for example. The U of A and other responsible institutions will never request your information over email or an unsecured website.  

Check for the "s."

When updating your UARK password or logging into any service, always make sure you are at a site with https:// in the address. The "s" shows that it is a legitimately secured site. The only legitimate site for updating your U of A login information is Password Manager at https://account.uark.edu.   

What Should I Do When I Receive a Phishing Scam?

Use the Report Message button in Outlook  if you think you have received a phishing email. 

The button is included with Outlook on the web, Outlook for iOS and Android and compatible versions of the Outlook desktop email client.  

1. Select the suspicious or junk message and click the Report Message button in Outlook. 

2. Select Phishing to ensure the suspicious email is reported to the university's IT Security team and deleted properly. Select Junk if it is unwanted spam. 

What if I provide personal info to a phishing scam?  

If you provided personal information or entered your login information on a malicious site due to phishing attacks, change your UARK and other account passwords immediately.  

How does IT Services prevent phishing?

The IT Security Team manages several services that help prevent phishing scams from spreading across campus. The university's IT Security Team provides anti-spam and anti-malware protection with Microsoft Exchange Online Protection (EOP) and Safe Links. 

Microsoft EOP inspects messages for malware and uses rules to filter out messages sent from addresses known to distribute malicious email, as well as messages containing content like other spam messages.

In addition to Microsoft EOP, all UARK email is also routed through Safe Links, a server-side filter that examines messages for malicious URLs and other phishing tactics. Safe Links identifies suspicious emails, tests links and determines if the links are safe before allowing you to view them. 

Securing our online campus community is an ongoing effort as cybercriminals continue to evolve their methods. Simple steps like not clicking links in emails or text messages, avoiding downloading unverified attachments and reporting suspicious messages can go a long way toward protecting our university. To learn more, visit the Cybersecurity Checklist.   

If you have questions or need assistance, contact your local IT support or the IT Help Desk.