Phishing Email

Phishing (pronounced “fishing”) is a process by which someone tries to obtain your private information using deceptive means, usually by sending an email that appears to come from a business, bank, school, or other organization you trust. The email may include a link that takes you to a counterfeit web site that very closely resembles a trusted web site, where you are asked for your password, social security number, account number, driver's license number, or other personal information that can be used to steal your identity. Another method is to lure you into replying to a fake email with your private information.

Protective Measures — Don’t get hooked

  • Learn to recognize phishing messages. They often…
    • Attempt to build credibility by spoofing a real company or university. Often, the messages are laughably bad, but many are incredibly believable facsimiles of real messages. The most dangerous, referred to as spear phishing, are personalized specifically for you using knowledge about you or your work.
    • Create a false urgency requiring a quick response – such as warning that your account will be closed
    • Insist on a call to action – urge you to click a link or reply with information
  • Use common sense when giving out personal information
    • Be suspicious by default
    • Check the email for fake web links or fake web addresses
    • Never give out account or personal information by email
    • Remember, UF will never ask you for your password. Only enter your password into the official UF login page:
  • Verify the information reported in the e-mail
    • If in doubt, call customer support or, in the case of UF email, call the UF Computing Helpdesk at 392-HELP to validate the message

Anatomy of a Phish — “Phish Guts!”

[Image: Lottery Scam example]

[Image: Nigerian Scam example]


Report Phishing at UF — show us the headers

If you receive a phishing message that targets you as a UF staff member, faculty member, or student, check the UF IT Security Advisories web page to determine whether we are already aware of that particular phishing attack. You can report phishing attacks by forwarding the original phishing message, with full message headers, to

It is important to send not just the body of the phishing message but the original message headers as well. The email message headers provide routing information that helps us determine the source of the phishing email and give us the opportunity to block any potential replies to the message. For details on how to find the original message headers using your own mail program, see Reporting Email Abuse.
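To show what the full headers give a responder that the message body does not, here is an added Python example (not part of the original page and not UF's own tooling) that reads the relay chain and the reply address from a message. The sample message, every host and address in it, and the function names `triage` and `domain` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not a real phish); all hosts and addresses are made up.
SAMPLE = """\
Received: from mx.university.example (mx.university.example [192.0.2.10])
\tby mailstore.university.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:05 -0500
Received: from unknown-host.invalid (unknown-host.invalid [203.0.113.77])
\tby mx.university.example with SMTP id B2; Mon, 01 Jan 2024 10:00:01 -0500
From: "IT Helpdesk" <helpdesk@university.example>
Reply-To: account-verify@freemail.example
Return-Path: <bounce@unknown-host.invalid>
Subject: Your account will be closed

Reply with your password within 24 hours.
"""

# Pulls "from <host> ... [<ip>] ... by <host>" out of one (possibly folded) Received value.
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Summarise routing and reply information from a raw message with headers."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so reverse to read oldest hop first.
    # Only hops recorded by your own servers are trustworthy; older ones can be forged.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    return_dom = domain(msg["Return-Path"])
    return {
        "hops": hops,
        "first_hop_ip": hops[0]["ip"] if hops else None,
        "reply_to": parseaddr(msg["Reply-To"] or "")[1],
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "return_path_mismatch": bool(return_dom) and return_dom != from_dom,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message forwarded without its headers loses the `Received` lines and often the `Reply-To` address, which are the two pieces used here to find the source and to block replies.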

Additional Resources