University of California, Riverside

Student Electronic Communications Policy



How to Spot Phishing


What is "phishing"?

"Phishing" (pronounced "fishing") refers to a form of fraud that attempts to acquire sensitive information (usually your username, also called login or loginID, and password). There are many variations, but the most obvious characteristic of a phishing message is that it instructs you to provide sensitive information either by replying to the message, or by clicking on a link and entering the information on a web page. There is no legitimate reason for anyone to request a password/password or other sensitive data via email, and you should never respond to any such message.

What should I do if I think I might have responded to a phishing message? 

Call Student Help Desk at 951-827- 6495 immediately if you think you have provided your passphrase or other personal information in response to a phishing scam.

What if a message, which seems to come from someone at UC Riverside, asks me to confirm my login ID and password? 

UCR will never ask you to do this via email or telephone. Call the Student Help Desk at 951-827- 6495 if you are unsure about the validity of an email from a campus address.

How do I know if a message is a phishing scam? 

Phishing messages often:

  • Instruct you to supply your account information, including your password/passphrase, by email or by clicking on a link in the message and then entering the information via the web. This is never a legitimate request.
  • Have a "From:" line that sounds (and sometimes is) legitimate, but the message itself is vague.
  • Contain a threat if you do not supply the information, such as having your account deleted.
  • Have spelling and grammatical errors. Legitimate messages aren't always perfect, but with careful reading many scam messages become obvious.
  • Use a generic salutation rather than using your personal name.

What can happen if I reply to a phishing scam? 

If you send them the information they request, they could use your email account to send millions of spam messages, open accounts under your name, or commit other fraud.

How can I prevent my campus computing account from being compromised?

  • DO NOT respond to phishing scams in any way. It's that simple. Just don't answer. Don't click on links in the message. Delete the message immediately.
  • Be suspicious of messages requesting personal or account information.
  • Be suspicious of messages threatening to close or suspend your account if you don't respond with the information they want.
  • Check the authenticity of email messages by calling a company phone number known to be genuine.
  • Read even more about phishing at www.us-cert.gov/cas/tips/ST04-014.html.

Why doesn't the campus just block phishing scams like we block spam? 

We employ multiple layers of the latest and best anti-spam, anti-virus, and anti-phishing technology available. Unfortunately, these systems cannot block all malicious email.

I've never replied to a phishing scam, but have been getting spam emails from my own email address. How does this happen? 

These emails result from a very easy spammer technique called "spoofing." All spam has a spoofed (or forged) "From" address. Unfortunately, there is no way to prevent the use of someone else's "From" address in email. If you receive more than five spam messages from yourself per day, contact the Student Help Desk at 951-827- 6495.

What happens to compromised accounts? 

When UC Riverside identifies a compromised account, the account is locked immediately. If your account is locked, you must go to password.ucr.edu and change your password immediately.

More Information 

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Computing & Communications
Computing & Communications Bldg.

Tel: (951) 827-4741
Fax: (951) 827-4541
E-mail: helpdesk@student.ucr.edu

Footer