Learn to Spot a Phishing Scam

What is phishing?

Phishing uses fake emails or websites to collect usernames and passwords as well as bank account numbers, social security numbers, and other personal information. These emails and websites may look real, but they are actually designed to fool you into divulging information.

Learn more about phishing emails and how to report them.

How to spot a phishing scam

You can identify a phishing scam by looking for email messages that:

Create a sense of urgency
Invoke strong emotions, like greed or fear
Request sensitive data
Contain links that do not appear to match legitimate resources for the organization that is contacting you

Always remember that legitimate companies and organizations will never ask for passwords, social security numbers, and other sensitive data via email.

Phishing email examples:

***************************************************

Subject: Confirm Your E-mail Address
Dear Webmail Account Owner

This message is from web mail admin messaging center to all web mail account owners. 

We are currently upgrading our data base and e-mail account center. We are canceling 
unused web mail email account to create more space for new accounts.

To prevent your account from closing you will have to update it below to know it's 
status as a currently used account.

CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :
Email Password :
Date of Birth :

Warning!!! Any account owner that refuses to update his/her account within Three days 
of this update notification will loose his/her account permanently.

Thank you for using this web mail

Support Team

***************************************************

Here are some more examples of phishing scams that have been received by the Pitt community. You can review these examples to familiarize yourself with various phishing messages. You can always view the latest phishing alerts on our Alerts and Notifications page.

Avoid phishing and protect others

Email and Phishing Training Course

Learn how to protect yourself from phishing scams, how phishing attacks work, and how to recognize and respond to one—take the Pitt IT Email and Phishing interactive mini-course.

Follow the steps in the Safe Computing for Students and Safe Computing for Faculty and Staff sections to learn more about protecting yourself from phishing scams.

To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. When you report them to our security team, we will examine the email and, if necessary, advise you of any further steps you may need to take.

Listen Up!

Email scams are known as phishing, while phone scams are often called pretexting. Both are forms of social engineering that employ deception and manipulation. The warning signs that this is a scam include:

Urgency
Strong emotions
Requests for sensitive data.

Take a Listen:

This is a real example of a phone scam left on the voicemail of a University employee, who forwarded it to Pitt IT.

Security Standards and Best Practices

Security Monitoring and Alerts

Information Technology regularly reviews news about major security vulnerabilities that impact computers widely used by the University community, and monitors for attacks directed against University computers.

When University computers are at risk, we post security alerts here on our website.

Stay Updated

Stay updated on the latest Pitt IT news, services, and events:

Subscribe to the Pitt IT e-Newsletter:
- Student IT Newsletter
- Faculty & Staff IT Newsletter
Read the Pitt IT Blog, Panther Bytes
Like and follow @UPittIT on Facebook, Twitter or Instagram
Sign up to receive text updates:
- For IT News, text* itnews username to 970-610-6092
- For IT Alerts, text* italerts username to 970-610-6092

* Standard text messaging charges apply

Information Technology

Search form