Tip Sheet: Avoid Being Phished - Quick Tips

Esther Silver's picture



  1. Recognize phishing. Phishing messages are becoming more targeted, sophisticated, and even harder to recognize. Be wary of emails with links or attachments and of instant messages or phone calls with an urgent tone that ask you to reveal your account password or other confidential information. Additional things to look for:
  • Unofficial or unusual "From" address. A sender's email address that is similar to, but not the same as, an official company email address.
  • Urgent action required. Phishing often includes urgent "calls to action" to try to get you to react immediately.
  • Generic greeting. Fraudsters who send thousands of phishing emails at one time may have your email address but they will seldom have your name.
  • Link to a fake web site. To trick you into disclosing your user name and password, phishing emails usually include a link to a fraudulent web site designed to look similar to the sign-in page of a legitimate web site.
  1. If you receive a phishing email, delete it.
  2. Report successful phishing. If you click on a phishing link or receive a phone call AND then provide your username and password, immediately change your password and call the IT Service Desk at 415-514-4100 to report that your account has been compromised. If needed, the Service Desk can help you change your password.
  3. Protect your computer with a firewall and anti-virus software. Always ensure your anti-virus software is active and up to date. UCSF provides Symantec Endpoint Protection (which includes firewall and anti-virus software) for free at
  4. Never go to websites by clicking links included in emails. Do not click on links in emails, as it may direct you to a fraudulent website. Instead, type the correct URL directly into your browser or use a bookmark if you frequently visit the web site.
  5. Communicate personal information only via phone or secure websites - but do not divulge any personal information over the phone unless you initiated the call.
  6. Periodically check your account details. It’s good practice to review your bank, credit or other important accounts periodically to check for any irregularities in online transactions, recent logins, or changes to your contact information.        





Graphics provided by

Migration Status