Skip to main content
Sign In
 

Quick Help

Security


Viruses, worms and trojan-horse programs (aka "Malware")
Spyware
Phishing

“Phishing” is the attempt by some crook to entice you to provide confidential data by sending you a message that purports to be from a company or organization with which you do business. Making some false claim designed to panic you into action, such as the claim that an account needs verifying and will be cut off if you don’t take instant action, an email will ask that you go to a web site by clicking on a link in the email. The sender may address you by name and may include specific information related to you or your institution or department. When you go to the web site, you are asked to "update" or "confirm" personal information such as account numbers and passwords. The web sites may look just like a legitimate page from the company or institution the message purports to be and may be extremely realistic, but in reality the link leads to some other web site, often in another country, designed to mimic the real web site but intended solely to steal confidential information from you so that the perpetrators can fraudulently access your accounts.

This sort of scam is now very common, but it’s easy to avoid being fooled. Simply put, you should never provide private information in response to an unsolicited message, even one that appears to come from a known source that appears to be a legitimate message. The same applies to phone calls as well; someone may call you purporting to be from an official source and ask for confidential information. Do not give them any!

If you receive an email asking for confidential information, never click on any included link. No responsible company or organization will include a clickable link in an email asking for personal information since web links can be “faked” to actually connect you to some other unknown web site. Type the URL (website address) of the site directly into your web browser. If you have doubts about the legitimacy of any email you receive, contact the company by phone using a phone number listed directly on the web site of the company or organization (again, type the company’s web link; don’t click on any link in the email), not any phone number provided in the email - and ask if the issue is legitimate. The University of Colorado Denver Office of Information Technology (OIT) will NEVER ask for your password.

The same basic precautions apply to telephone calls. If you receive an unsolicited phone call from someone requesting personal or confidential information, unless you have caller ID that clearly shows the inquirer as being from a known phone number whose owner would be likely to ask for such information, get the caller’s name and phone number, hang up, and contact the organization directly via a known-valid phone number to verify the identity of the person and their need to know the information being requested. Then call the person back. If the person who the caller claimed to be is listed at a different phone number, call that phone number and verify that the person did indeed call you.

For more information and additional suggestions for protecting yourself, see:

https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/phishing

Passwords
Panicware
Securing Your Laptop