Phishing – when a cybercriminal poses as a legitimate party in hopes of getting someone to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents and 90% of data breaches stem from a phishing attempt.

The signs can be subtle since phishing messages have become more sophisticated but once you recognize a phishing attempt, you can avoid falling for it.

Here are some quick tips for how to clearly spot a fake phishing email, text, or call:

  • An offer that sounds too good to be true, like a financial reward
  • Urgent, alarming, or threatening language
  • Poorly written messages with misspellings and bad grammar
  • Generic or ambiguous greetings
  • Requests to send personal information
  • Strange or abrupt business requests
  • False claims that someone is in need of help
  • Urgency to click on unfamiliar hyperlinks or download files
  • Email addresses that don’t match the company name

We all have a huge role to play in protecting the University of Chicago. If you think you have spotted a phishing attempt, report the incident to our IT team by using the Report Phish button, available in UChicago Outlook and UChicago Gmail, or send an email to security@uchicago.edu. Your quick thinking may help others avoid becoming victims of a cybercriminal.

Learn more about common phishing scams and traps.