Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action. Phishing originally described email attacks that would steal your online username and password. However, the term has evolved and now refers to almost any message-based attack. These attacks begin with a cyber criminal sending a message pretending to be from someone of something you know, such as a friend, your bank, your company or a well-known store.
How to Recognize a Phishing Attack
A URL inconsistent with the message (for example, a message that claims it is from the service desk but does not include ucdenver.edu or cuanschutz.edu in the URL)
Spelling errors, poor grammar and odd formatting
A reply-to email address that is not from "ucdenver.edu" or "cuanschutz.edu"
A request for a password or other sensitive data
Generic greetings, like "Dear customer"
Threat to delete account if no action is taken
Remember that legitimate companies and organizations will never ask for passwords, social security numbers, and other sensitive data via email.
How to Know if Your Account is Compromised
Can’t login to your account because hacker changed the password or it’s clearly disabled or locked
Can’t send email to external addresses because Microsoft blocked it
Notice missing emails or returned undelivered emails
Find an unknown forwarding email or deleting email rule in place
See multiple unknown sent items appear in the “Sent Items” folder