You Just Got Hooked!

This was a phishing awareness email from UF Health IT Security. With UF Health faculty, staff, and students continuing to be targeted by phishing attacks, UF Health needs to immunize the UF Health community against phishing scams and malware campaigns. If this had been a real phish, the bad guys would have your login information.

Don’t Fall for that Phish!
Unsolicited Links and Attachments are not safe!

What Is Phishing?

Phishing is an attack used by cyber criminals to trick you into giving up your usernames and passwords or personal information, or into taking an action. These attacks begin with an email message, social media post, or sometimes even an unsolicited phone call that pretends to come from a trusted organization or someone you know and trust, such as the UF or Shands help desks or email administrators, your bank, a store, a service such as Uber, a colleague, a friend, or even a family member.

These messages then entice you into taking an action such as entering your username and password at a deceptive web site, clicking on a malicious link, opening an infected attachment, or responding to a scam.

Phishing Indicators

  1. Be distrustful of email attachments and only open those you were expecting.
  2. Do not follow unsolicited web links; only click on those you are expecting. In many cases, you can hover over a link to see the true destination of where you would go if you clicked on it.
  3. No legitimate help desk, email provider, banking, brokerage, social networking or shopping site will ever ask you for personal or logon information in an email.
    1. Be aware that deceptive websites may look just like the regular UF Gatorlink, Shands logon page, or your bank’s logon page.
    2. Only use known good sites such as https://bridge.ufhealth.org, https://my.ufl.edu, or a bookmarked link you created.
  4. Be wary of emails that require immediate action or create a sense of urgency such as messages that read, “your access will be terminated in 3 days.”
  5. Be suspicious of emails that start with a generic salutation.
  6. Look out for bad grammar and spelling mistakes.
  7. Check email addresses, not only the “From” address, but also the “To” and “Cc” fields. Is the email from a personal account? Is the email being sent to people you do not know?
  8. No, you did not just win the lottery and no, that Nigerian prince does not need help transferring money. Be suspicious of messages that sound too good to be true.
  9. Lastly, verify the legitimacy of any charity solicitation by contacting the organization directly through a trusted contact number.

YOU are the most effective way to detect and stop phishing.

Report phishing by forwarding the message (preferably as an attachment) to it_security@shands.ufl.edu and mailabuse@shands.ufl.edu.