Email Phishing FAQs
No! You will never be asked to provide private information by email including any of your account passwords.
Phishing is a social engineering attempt to obtain personal information such as credit cards, bank accounts, usernames and passwords by masquerading as a user or entity you trust. This is typically performed through an email or instant message requesting you to enter this information in a reply or on a website.
The latest attacks may come either a UI or non-UI address and link to an online form hosted on Google Spreadsheets, MS Office Online, or a number of other sites. They may even include official UI logos to make the message more realistic.
To report a suspicious or unwanted message, instead of adding the full email header, drag and drop the suspicious email into a new email.
Once dragged into the new email, it should appear as an attachment. Please also include whether or not you replied to the suspicious email, clicked any links it contained, or took any action the suspicious email suggested. This will give ITS the information we need for securing your account against subsequent attacks.
The ITS Help Desk would never ask you to put sensitive information into an email as it is an insecure transport mechanism. If in doubt, call the Help Desk at 208-885-HELP (4357). No major system change would be implemented without prior notification.