What is Phishing?
Phishing is a method used by attackers in an attempt to harvest personal or private information such as university passwords, bank account passwords, social security numbers and credit card numbers.
Phishing emails used to be easy to recognize because of their poor spelling and grammar. Now, phishing emails are often indistinguishable from official correspondence.
Here are some things that you can look for to determine the validity of a message:
Request for Password—The university IT Services will NEVER ask for your password. An email that contains a link that requests your username and password is a phishing attempt.
Non-UCDenver URL— If you receive an email and there is a link (URL) embedded in the email, hover your mouse over the link. If the link goes to a non-UCD URL (e.g. “hxxp://willaimjordan.ca/formgen/use/sdgft/form1.html”), the request is a phishing attempt. There are some advanced phishing techniques that can make the URL look legitimate, but an odd looking URL should be a dead giveaway that something is amiss!
URL deception—Phishing emails may display a link that appears to go to one site, but in reality goes to another. Always visit the site manually and don't rely on the link in the message.
Copying of official e-mail—Phishers may simply copy an official e-mail from a bank or retailer, and edit that e-mail for their own purposes before sending it to you. Contact the source through known legitimate channels, such as phone, or email them directly.
Similar URL's—Always verify the URL of the page that you are entering your information into. Phishing sites may rely on similar URLs, such as googkle.com, ebay-secure.com, upgrade-hsbc.com to fool users.
Use of @ symbol—The phishing URL may include the @ symbol somewhere within the address. The address http://email@example.com would actually be http://fake-ucdenver.edu. Check for the @ symbol in the URL, and don't follow these links.
Phishing techniques are becoming more difficult to detect as phishing attempts become more complex. Some links may actually send you to a legitimate site, and use some other technical means to capture your information!
For more information about global threats, visit:
A list of message subjects that have been used in recent phishing attacks against the university can be found here.
IT Services will never ask you for your credentials, under any circumstances. If you are unsure about a message, and it is not on the page above, please contact the IT Services Help Desk (303.724.HELP) for clarification.
You can also send any phishing e-mail samples that you receive to Spam Administrator so we can update our phishing protections.