Tips to Avoiding Phishing Attacks

Phishing is a scam that uses social engineering to trick a person into revealing personal or confidential information the scammer can use illicitly.  Phishing attacks are typically carried out using email or a malicious web site posing as a trusted person or well-known organization.

How do you avoid being a victim?

1.  Examine website links.  Hover your cursor over the hyperlinks in the message.  Does it match the domain name from the organization you trust?  If not, do not click the link or open attachments, discard the message.  Even if you do not intend to provide sensitive information you may be exposing yourself to a malicious website that may take advantage of a web browser vulnerability.  Carefully review the URL, character substitution may be used to trick you. (e.g. [bad], [bad], [good])

2.  Review the message for spelling or grammar errors. Professional organizations rarely publish information without critical review.  Be wary if you notice misspelled words or grammar errors.

3.  Determine the tone of the message. Be wary of messages that try to induce panic, invoke a sense of urgency, have a threatening tone, or provide you with an irresistible opportunity.  Be wary If the message is not personalized.

4.  Determine if you need to provide sensitive information or money...  The scammers want your personal information or money.  Be wary of any solicitation for your username, password, social security number, credit card number, bank account, etc.  

    • Never provide sensitive information to individuals or organizations you do not trust.  
    • Never provide sensitive information via email.  
    • If you have any reason to suspect fraud, call the organization to determine if the message is legitimate.  
    • Verify the website is secure.  Ensure the URL begins with https:// (The ‘s’ is “secure”)
5.  Protect your personal computer with a firewall and anti-malware software.  University owned workstations are protected with firewalls and anti-malware. 

6.  Check your online accounts and financial statements frequently for suspicious activity.

What to do if you become a victim?

1.  If you revealed your password, change it immediately.

2.  If you revealed sensitive information about the University, University network ID, or MyCentral account, report the incident to the Technical Support Center (TSC) at 660-543-4357 or

3.  If you believe your financial information has been compromised, contact your financial institution immediately.

4.  If you provided personal or financial information to an illegitimate site, file a report with the Federal Trade Commission at  Also, visit the FTC’s Identity Theft website  Victims of phishing could become victims of identity theft; the identify theft website provides steps you can take to minimize your risk.  You may also contact UCM Public Safety or other law enforcement agency for additional assistance and information.