The link to the quiz is at the end of the article. Everyone who passes during July is entered to win one of six grand prizes!

Cybercriminals use phishing—a type of social engineering—to manipulate people into doing what they want. Social engineering is at the heart of all phishing attacks, especially those conducted via e-mail. Technology makes phishing easy. Setting up and operating a phishing attack is fast, inexpensive, and low risk: any cybercriminal with an e-mail address can launch one. Phishing scams, in general, continue to grow, with new methods and even greater impacts. Knowing what you're up against can help you be more secure. Here are a few things you can do to protect UCSF and yourself against phishing attacks:

• Report the Phish. If you believe you have received a phishing message, but have NOT clicked the link or opened the attachment, report it by clicking on the Phish Alarm button within your UCSF email.     
  
  For more information on where to find the button within different platforms, please go to the Phish Alarm Service Page. If you DID click on a link and downloaded software, contact the IT Service Desk immediately.  If you clicked on a link and provided your credentials, change your password immediately and contact the IT Service Desk.
  • UCSF IT Service Desk
  • MAIN: 415-514-4100
  • http://help.ucsf.edu/
• Limit what you share online.  The less you share about yourself, the smaller the target you are for a phishing attack. Cybercriminals use information you post online to learn how to gain your trust.
• Protect your credentials.  No legitimate company or organization will ask for your username and password or other personal information via e-mail. The University definitely won't.
• Beware of attachments.  E-mail attachments are the most common vector for malicious software. When you get a message with an attachment, delete it unless you are expecting it and are absolutely certain it is legitimate. If you’re not sure, call the sender at a number you know is legitimate to check.
• Confirm identities.  Phishing messages can look official. Cybercriminals steal organization and company identities, including e-mail addresses, logos, and URLs that are close to the links they're trying to imitate. There's nothing to stop them from impersonating the university, financial institutions, retailers, a wide range of other service providers, or even someone you know.
• Trust your instincts.  If you get a suspicious message that claims to be from an agency or service provider, use your browser to manually locate the organization online and contact them via the website, e-mail, or telephone number that you looked up – not what was provided in the message.
• Check the sender.  Check the sender's e-mail address. Any correspondence from an organization should come from an organizational e-mail address. A notice from your college or university is unlikely to come from [email protected].
• Take your time.  If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cybercriminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.
• Don't click links in suspicious messages.  If you don't trust the e-mail (or text message or post), don't trust the links in it either. Beware of links that are hidden by URL shorteners or text like "Click Here." They may link to a phishing site or a form designed to steal your username and password.

Take the quiz on this Article. The prize for passing the quiz is one entry in a drawing for one of six Catch of the Day, ultimate fish seasoning sets for seafood, meat and even veggies.

Additional Information

Protect UCSF and Myself from Phishing and Other Scams

Properly protect my computer from Ransomware

Ransomware Rising: Putting Our Files at Risk

UC’s Important Security Controls for Everyone and All Devices