Protect yourself from phishing

If you think you may have fallen victim to an attack, change your password immediately and contact the IT Help Desk so that we can investigate.

Phishing is an attempt to obtain sensitive information such as passwords and credit card details via email by disguising as a trustworthy entity.

To avoid a phishing attempt or report a phishing email, please see Mark as phishing in Gmail.

Steps to protect yourself

  1. Do not respond to any requests for your password.
  2. Be skeptical of any email which asks you for private information, including emails that appear to come from your supervisor or professors.
  3. Analyze any message carefully that comes from unfamiliar sources or conversations that you did not initiate. Telltale signs of phishing include From: and Reply-To: fields to mask the source of the email, salutations using strange language or grammar, unreasonable sense of urgency, unfamiliar financial institution, requires the recipient to click on a link, etc.
  4. Never include your password in an email. Under no circumstances should anyone ever ask for passwords via email.
  5. Report the message as phishing in Gmail to help protect others who may have received a similar phishing email.

If you question the legitimacy of an email and would like a second opinion, forward the message to the IT Help Desk, [email protected].

Email from UIndyIT will always be signed by an employee and will never ask for your password. 

Actual examples of recent phishing at UIndy

  • Attackers pretending to be faculty or employers with enticing internship offers. If the recipient engages with these emails, there’s a brief back and forth about the requirements for the internship or “research assistant” position before being asked to submit an application and being given directions related to banking information.
  • Attackers sending an email that suspiciously looked like a Google Drive shared document (for example, with the title “Feedback_on_Staff_Effectiveness_.docx).
  • Attackers impersonating UIndy employees by opening a Yahoo or Gmail account, using legitimate first and last names of employees. The attackers then target UIndy faculty and staff within the same department with a brief email, simply asking, “Are you available?“  If engaged, the fraudsters request favors and gift cards for family members.