reads stop, look, think.

You Can’t Go Back

“Choice and consequence” is a phrase that my son is probably very tired of hearing. We tell him often, “You have the freedom to make any choice you want to but by doing so you are accepting the consequences of that choice and there is no ‘undo’ button in the real world.”

This is something we all should remember when it comes to responding to emails, texts, and clicking on links.; UAH is under constant attack from malicious actors sending phishing and spam emails and text messages with links that will take unsuspecting visitors to malware-ridden sites or sites that are purpose-built to look like they are UAH services. Once you click on one of these links and provide your UAH account username and password, there’s no going back. Luckily, by taking a few precautions, you can reduce the chance that you will be fooled by some of these crafty messages.

Look for the [EXTERNAL] tag in the Email Subject line

Emails that are sent from email addresses will automatically be tagged with the [EXTERNAL] flag at the beginning of the subject line. If you see an email with this flag you should immediately be suspicious of the contents, especially if it contains information that would normally be sent via official UAH email such as class schedule modifications, job offers, and alerts meant to look like it’s coming from a financial institution.

If In Doubt, Verify It

In the event you receive an email or text message claiming to be from UAH personnel but something doesn’t feel quite right (it’s not coming from their address, you don’t recognize the number, etc.), please reach out to the purported sender directly via their address or phone number to verify they sent the information. If they did not, please report the message as spam or phishingfollowing the procedure below. Do not reply to suspected spam or phishing emails because that confirms to attackers that the email address is monitored.

Report Spam and Phishing Emails

Reporting spam and phishing emails improves Google’s filters and allows you to report an email as spam or phishing from the Gmail web interface, open the email, click on the 3 dots in the upper right corner, and click on “Report spam” or “Report phishing”. Both Google and OIT personnel will be notified of your report and will take appropriate action.

Always Treat Emails With Suspicion

Phishing emails often rely on an urgent call to action or threats if you don’t act now (your account is suspended, your UAH account is past due, you will lose an upcoming deposit if you don’t take action, etc.). They also will sometimes contain generic greetings or no greeting at all and may even include suspicious attachments you weren’t expecting named something like “My Resume” or “Account Invoice”. You should always be suspicious of unsolicited emails that do not follow appropriate procedures, try to get you to act immediately, or ask you to do something out of the ordinary.

Phishing is one of the most pervasive attack methods in use by cybercriminals who seek to gain access to UAH data and finances. It requires all of us to stay prepared and be cyber aware.