Information Services offers tips on spotting phishing messages

Phishing illustration with laptop

Beware of unsolicited emails that ask you to click a link and enter your username and password. They may be phishing emails.

A phishing email is an attempt to trick a user into giving a username and password to cybercriminals, who then use those credentials to steal information, money or identities.

UO employees and students often receive phishing messages with links that claim to lead to official University of Oregon websites but actually take visitors to insidious imitation sites. When you enter your username and password on one of those fake sites, the attackers have successfully phished you.

The UO information security office tends to see a surge of such messages around spring break and at other times in the academic year when people's normal routines may be disrupted. Last fall's phishing attack was one such example.

"Be alert and cautious," said Leo Howell, chief information security officer. "Not all suspicious messages are phishing, but we want people to stop and think before they click."

Howell offers the following tips for staying safe from phishing messages:

  • Beware of attachments. Email attachments are the most common vector for malicious software. Delete any message with an attachment, unless you are expecting it and are absolutely certain it is legitimate.
  • Confirm identities. Phishing messages can look official. Cybercriminals steal organization and company identities, including logos and URLs that are close to the links they're trying to imitate. There's nothing to stop them from impersonating schools, financial institutions, retailers and a range of other service providers.
  • Check the sender's email address. Any correspondence from official UO sources will likely come from an organizational email address, such as For example, a message from the UO Technology Service Desk will not come from
  • Don't click links in suspicious messages. If you don't trust the email or text message, don't trust the links in it either. Beware of links that are hidden by URL shorteners or text like "Click Here." Hover your mouse pointer over the link to see where that link will actually go.

Anyone who has responded to suspicious email messages should contact the information security office at immediately.

People who have clicked through such an email and entered their Duck ID and password into a fake site should go to Duck ID Self-Service to change their password and revise security questions and answers. Anyone who has entered their UO ID number, which starts with 95, and corresponding password, or PAC, on a fake DuckWeb site should go to DuckWeb, change their password and verify that no important information has been changed.

Information Services offers more tips to help determine if a suspicious email is malicious in the UO Service Portal.

Howell also encourages staff and faculty members to attend the cyber security awareness session he'll be leading at the 2019 Risk and Resilience Summit on Monday, April 1, at 3:15 p.m. The session is free, but registration is required in MyTrack.

When in doubt about a message, people should contact the Information Services Technology Service Desk at 541-346-HELP or forward suspicious email to The Technology Service Desk is in Prince Lucien Campbell Hall.