Cybersecurity Focus: Stop Fraudsters and Recognize Phishing Attempts
Learn more about phishing at security.uark.edu.
Scammers launch thousands of phishing attacks every day. Phishing is the attempt to obtain passwords, credit card details, access to your device or other personal information by sending emails, instant messaging chats or text messages that appear to be from a trustworthy person, company or institution.
Phishing attempts are messages that ask you to click on a link or open an attachment. For example:
You will lose access to your account.
You need to confirm personal information or pay an invoice.
You are eligible for a coupon or a gift card.
Your family member needs help.
A few simple steps can help determine if an email/message is legit or a phishing scam.
Check contact information.
A legitimate email should include the sender’s name and offer an alternative method of contact other than replying to the email or clicking a link. If in doubt, do not click on the link. Open your web browser and go directly to the company or service website to get their correct contact information.
Don’t fall for the hype.
The email or text may claim that you will lose access to your email or bank account, for example. The U of A and other responsible institutions will never request your information via email or an unsecured website.
Check the “s”.
When updating your UARK password or logging into a service, always make sure you are on a site with an https:// address. The “s” indicates that this is a legitimately secure site. The only legitimate site to update your U of A login information is Password Manager at https://account.uark.edu.
What should I do when I receive a phishing scam?
Use the Report Message button in Outlook if you think you’ve received a phishing email.
The button is included with Outlook on the web, Outlook for iOS and Android, and compatible versions of the Outlook desktop email client.
Select the suspicious or unwanted message and click the Report Message button in Outlook.
Select Phishing to ensure that the suspicious email is reported to the university’s IT security team and deleted properly. Select Junk if it’s unwanted spam.
What happens if I provide personal information to a phishing scam?
If you have provided personal information or entered your login information on a malicious site due to phishing attacks, immediately change your UARK passwords and other accounts.
How do IT departments prevent phishing?
The IT Security team manages several services that help prevent phishing scams from spreading on campus. The university’s IT security team provides anti-spam and anti-malware protection with Microsoft Exchange Online Protection (EOP) and Safe Links.
Microsoft EOP inspects messages for malware and uses rules to filter messages sent from addresses known to distribute malicious email, as well as messages containing content such as other spam messages.
In addition to Microsoft EOP, all UARK emails are also routed through Safe Links, a server-side filter that examines messages for malicious URLs and other phishing tactics. Safe Links identifies suspicious emails, tests links, and determines if links are safe before allowing you to view them.
Securing our online campus community is an ongoing effort as cybercriminals continue to evolve their methods. Simple steps like not clicking on links in emails or text messages, avoiding downloading unverified attachments, and reporting suspicious messages can go a long way in keeping our university safe. To learn more, see the cybersecurity checklist.
If you have questions or need help, contact your local IT support or IT Helpdesk.