Stop Scammers and Recognize Phishing Attempts

Learn more about phishing at security.uark.edu.
Art Miller

Learn more about phishing at security.uark.edu.

Scammers launch thousands of phishing attacks every day. Phishing is the attempt to get passwords, university data, personal information or access to university systems by sending emails or text messages that appear to come from a trustworthy individual, business or institution.  

Phishing attempts are messages that tell you to click a link or open an attachment. For example: 

  • You will lose access to your account.
  • You must confirm personal information or pay an invoice.
  • You are eligible for a coupon or gift card.
  • You urgently need to respond to a request, question or threat.
  • Your family member needs help.

Some simple steps can help determine whether an email or text message is legitimate or if it is a phishing scam. 

Verify Contact Information

Legitimate email should include the sender's name and offer an alternative contact method other than replying to the email or clicking a link. When in doubt, do not click the link. Open your web browser and go directly to the company or department website for their correct contact information.

Don't Fall for the Hype

The email or text might claim that you will lose access to your email or bank account, for example. The U of A and other responsible institutions will never request your information over email or an unsecured website.

Check for the "S."

When updating your UARK password or logging into any service, always make sure you are at a site with https:// in the address. The "s" shows that it is a legitimately secured site. The only legitimate site for updating your U of A login information is Password Manager at https://account.uark.edu.   

What Should I Do When I Receive a Phishing Scam?

Use the Report Message button in Outlook  if you think you have received a phishing email.

The button is included with Outlook on the web, Outlook for iOS and Android and compatible versions of the Outlook desktop email client.  

Select the suspicious or junk message and click the Report Message button in Outlook. 

Select "Phishing" to ensure the suspicious email is reported to the university's IT Security team and deleted properly. Select "Junk" if it is unwanted spam. 

What if I Provide Personal Information to a Phishing Scam?  

If you provided personal information or entered your login information on a malicious site due to phishing emails or texts, change your UARK and other account passwords immediately.  

How does IT Services Prevent Phishing?

The IT Security Team manages several services that help prevent phishing scams from spreading across campus. The university's IT Security Team provides anti-spam and anti-malware protection with Microsoft Exchange Online Protection (EOP) and Safe Links. 

Microsoft EOP inspects messages for malware and uses rules to filter out messages sent from addresses known to distribute malicious email, as well as messages containing content like other spam messages.

In addition to Microsoft EOP, all UARK email is also routed through Safe Links, a server-side filter that examines messages for malicious URLs and other phishing tactics. Safe Links identifies suspicious emails, tests links and determines if the links are safe before allowing you to view them. 

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. Simple steps such as storing data securely in OneDrive, avoiding and reporting suspicious messages and keeping software updated can go a long way toward protecting our campus community online. Throughout the month of October, get to know the basics of cybersecurity with the IT Services' Cybersecurity Checklist  and the Cybersecurity and Infrastructure Security Agency (CISA) resources.

Contacts

Rachel Gerner, content strategist
University Information Technology Services
479-387-3824, rgerner@uark.edu

News Daily