Don't Let Hackers Hook You with Phishing Scams

UC Davis has increasingly become a target of fraudulent emails, also known as phishing, in recent weeks. Here is everything you need to know about phishing scams and actions you can take to keep yourself safe.

What is phishing?

Phishing is a form of fraud that tries to trick you into providing your sensitive information, often by sending a message under the guise of a legitimate sender, such as a professor or campus staff member.

At UC Davis, these phishing messages may ask you to do the following:

  1. Send money as part of a fake job.
  2. Reveal your campus password and Duo code.

Do not respond to any suspicious emails, click any links, or download any attachments. Doing so may put your identity and the university’s information and systems at risk. UC Davis will never ask for your passwords or other sensitive information via email or a link.

How can I protect myself?

When receiving a suspicious message or messages from unknown senders, we recommend that you:

  • Verify the identity of anyone who requests your personal information. Never provide sensitive personal information in response to an email or on an untrusted site, login screen, or form.
  • Do not reply, click any links, open an attachment, or enter personal information on a website, login screen, or form referenced in the email.
  • REPORT the message to cybersecurity@ucdavis.edu, then delete it. You can also report it using the Report feature in your email.
  • Get multi-factor authentication. Enroll in Duo to protect your account and data.
  • Update your devices to the latest version. These updates provide critical protection against security threats.

How can I tell if an email is phishing?

Be aware of the telltale signs of a phishing scam:

  • Suspicious sender address - Read the sender’s address carefully and make sure it’s really coming from who it says it’s coming from.
  • Spoofed web links - Check that a link matches the text in the email by hovering over the link. Never click on a questionable link.
  • Spelling, grammar & layout errors - Read the email for poor grammar, sentence structure, spelling errors, and formatting issues.
  • Suspicious attachments - Be skeptical of unsolicited emails containing attachments. Never click on attachments from an unknown source.
  • Threats or a false sense of urgency - Read the email for instances of urgency and warnings of dire consequences.
  • Generic salutation - Be careful if the email uses a generic greeting rather than your personal name.

For visual examples, check out "How can I tell if an email is phishing?" To see whether an email is legitimate or not, view the Authentic Message Registry for recent messages.

What should I do if I responded to a phishing email?

If you have provided your passphrase in response to a phishing email or clicked a link in a phishing email, change your passphrase immediately at computingaccounts.ucdavis.edu. Additionally, change the compromised password on any other accounts or websites where it was used. The new passphrase should be completely different from the old one. A simple change of a few characters is not sufficient.

Additional help and resources

If you have any questions or issues, such as resetting your passphrase or setting up Duo multi-factor authentication, contact IT Express at 530-754-HELP (4357). We also recommend contacting your local IT group for additional information on how to further secure your account.

To learn more about phishing and ways to protect yourself, check out the following: