Phishing – when a cybercriminal poses as a legitimate party in hopes of getting someone to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents and 90% of data breaches stem from a phishing attempt.

The signs can be subtle since phishing messages have become more sophisticated but once you recognize a phishing attempt, you can avoid falling for it.

Here are some quick tips for how to clearly spot a fake phishing email, text, or call:

  • An offer that sounds too good to be true, like a financial reward
  • Urgent, alarming, or threatening language
  • Poorly written messages with misspellings and bad grammar
  • Generic or ambiguous greetings
  • Requests to send personal information
  • Strange or abrupt business requests
  • False claims that someone is in need of help
  • Urgency to click on unfamiliar hyperlinks or download files
  • Email addresses that don’t match the company name

We all have a huge role to play in protecting the University of Chicago. If you think you have spotted a phishing attempt, report the incident to our IT team by using the Report Phish button, available in UChicago Outlook and UChicago Gmail, or send an email to Your quick thinking may help others avoid becoming victims of a cybercriminal.

Learn more about common phishing scams and traps.