Preventing Phishing Scams

Phishing is the attempt to get passwords, personal information, or university data by sending emails or text messages that appear to come from a trustworthy individual, business, or institution. Scammers launch thousands of phishing attacks like these every day, and they’re often successful.

Phishing attempts often look like an urgent message that tells you to click a link or open an attachment. For example:

  • You will lose access to your account.
  • You must confirm personal information or pay an invoice.
  • You are eligible for a coupon or gift card.

Malicious actors also use spam phone calls, called spoofing, to access your personal information. Learn how to protect yourself from call spoofing.

Never Reply to Suspicious Messages

Use the Report Message button in Outlook if you think you have received a phishing email.

To verify a message appearing to come from a trusted source, open your web browser and go directly to the company or department website for their correct contact information.

The University of Arkansas and other reputable organizations will never request passwords or other personal information in an email.

What to Do if You Are Phished

If you provided personal information or entered your login information on a malicious site due to phishing attacks, change your UARK and other account passwords immediately. 

Real World Phishing Example 

At a glance, this might look like a legitimate email from a trusted business, but there are some things that should tip you off that this is a phishing attempt:

  1. The subject line says "important alert."
  2. "MAC" is in all caps, but "Mac" is the standard spelling.
  3. You are told you must fix an issue by clicking a link.
  4. The signature only provides a vague team name with no contact information.
  5. Mousing over the link shows that the address does not match what the link text says.
  6. The URL includes the words "password-changes" and "phishwall".

[Screenshot: phishing email showing numbered items 1-4]

[Screenshot: phishing email example showing full URL, items 5-6]

Phishing Simulation and Training

To increase awareness of cybersecurity best practices, IT Services launched KnowBe4, a platform that combines security awareness training with simulated phishing attacks.

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email that tries to evade spam filters.

Using KnowBe4, IT Services routinely sends randomized spam tests to faculty and staff. If an employee clicks a link in a suspicious test email, they are sent to a training page that explains how to recognize spam. Employees are not tracked or penalized for clicking the link.

Email Filters and Link Protection

The university's IT Security team provides anti-spam and anti-malware protection with Microsoft Exchange Online Protection (EOP) and Safe Links.  

Microsoft EOP inspects messages for malware and uses rules to filter out messages sent from addresses known to distribute malicious email, as well as messages containing content similar to other spam messages. 

In addition to Microsoft EOP, all UARK email is also routed through Safe Links, a server-side filter that examines messages for malicious URLs and other phishing tactics. Safe Links identifies suspicious emails, tests links, and determines whether the links are safe before allowing you to view them.

Need help? If you believe an email link should not be blocked, contact the IT Help Desk or departmental tech support.
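Tip 5 in the phishing example (link text that does not match the real address) can be checked automatically, but with Safe Links in place the wrapper has to be removed before comparing. The following is an added example, not code from IT Services or Microsoft; it assumes the wrapper carries the original address in its `url` query parameter, and every host in the sample is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

def unwrap_safelinks(url):
    """Return the destination wrapped in a Safe Links URL, or url unchanged."""
    parts = urlparse(url)
    if (parts.hostname or "").lower().endswith(".safelinks.protection.outlook.com"):
        return parse_qs(parts.query).get("url", [url])[0]  # parse_qs percent-decodes
    return url

def host_of(text):
    """Host of a URL or bare domain (lower case, no 'www.'); None if not URL-like."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    try:
        host = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
    except ValueError:  # malformed bracketed host
        return None
    return (host[4:] if host.startswith("www.") else host) or None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = host_of("".join(self.text))            # host the reader sees
            actual = host_of(unwrap_safelinks(self.href))  # host the click reaches
            # A subdomain of the shown host counts as a match.
            if shown and actual and shown != actual and not actual.endswith("." + shown):
                self.findings.append((shown, actual))
            self.href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message body; all hosts and the Safe Links prefix are made up.
SAMPLE = ('<a href="https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2F'
          'password-changes.phishwall.example%2Flogin&amp;data=x">https://www.account.example.com</a>'
          '<a href="https://it.example.edu/kb">it.example.edu</a>')
```

Links whose text is plain wording such as "Click here" are skipped, because there is no displayed address to compare against.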

Unwrap Safe Links URL


Details

Article ID: 147
Created: Tue 1/16/24 9:44 PM
Modified: Sun 5/5/24 12:47 PM
