Protect UCSF and Myself from Phishing and Other Similar Scams
WHAT YOU SHOULD DO IF YOU RECEIVE A RANDOM EMAIL OR CALL THAT ASKS FOR YOUR PRIVATE INFORMATION:
- Delete it.
- Do not reply or click on the link in the message.
- Hang up.
Instead, if you believe the sender or caller to be a legitimate organization open a new Internet browser session and type in the company’s correct Web address yourself.
If you are concerned about your account, contact the organization mentioned in the email or call using a telephone number you know to be genuine.
- Be wary of telephone numbers listed in emails.
Some scammers send an email or make a call that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
- Don’t email personal or financial information.
Other scammers will call you directly and ask for your private information. Again, because they use Voice Over Protocol technology, they can make the number look like a legitimate business by spoofing the caller ID.
- Validate the caller or sender
Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
- Be careful what information you publicize. Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.
- Use and maintain anti-virus software and a firewall. Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable. Make sure to keep your virus definitions up to date.
- If you believe you have received a phishing message, but have NOT clicked the link or opened the attachment, please either delete the email or contact the IT Service Desk. By providing the full email headers, IT can stop other people at UCSF from receiving similar messages. Instructions are available at Obtain and Send Full Email Headers.
- If you clicked on a link and downloaded software, turn off your computer and contact the IT Service Desk immediately.
- If you clicked on a link and provided your credentials, change your password immediately and contact the IT Service Desk.
UCSF IT Service Desk
Fast, Efficient Solutions