Protect Yourself from Phishing
Stay alert this semester—be wary of unknown/external senders and unusual requests
The beginning of every semester brings a flurry of activity. Unfortunately, hackers take advantage of this time to try to catch you when you’re distracted. With some cybercriminals now using AI tools, these messages can seem more sophisticated than ever.
Beware of these common phishing scams
Some phishing campaigns attempt to steal money directly, such as jobs requiring you to deposit a check to your personal bank account, buy gift cards or wire funds. When the check bounces, and you lose that money.
Many phishers contacting your university email are engaged in “credential harvesting”—attempting to collect your NetID, password, and NetID+ (Duo) information. They later use that information to access your university email to send more phishing messages, log in to your UAccess Employee account to redirect your paycheck, or commit other fraudulent activity.
Scammers often want you to act before thinking. First, verify if emails come from an external [EXT] source, even if they seem to be from someone on campus. Be cautious of emails or texts that aim to provoke an emotional response to messages such as:
Job offers, often promising high pay for part-time work
Warnings that you will lose access to email
Opportunities for financial aid or support
Links to a document or shared file for you to access
Requests for your personal cell number or email
Stay safe and protect your information
Never share your password with anyone or enter your password or Duo code into a Google form. Do not approve a Duo Mobile notification if you are not logging in at that moment. UITS has made some upgrades to Duo Mobile to help reduce illegitimate access. See more about Duo Risk-Based Authentication and Duo – Password Expirations (log in to see articles).
The Duo Mobile app is the easiest and most current way to authenticate your logins. The 24/7 Support Center can help you set up Duo on your phone at any of the Tech Zone locations.
The Phishing Alerts webpage shows recent messages circulating on campus. If you get a phishing email not on that page, you can report the phish by forwarding the email as an attachment to phish@arizona.edu. If you responded to a message that you now think might have been fraudulent, contact the 24/7 Support Center.