I put the following blog article out a while ago, but in recent months we have had a deluge of phishing attempts.  This is especially confusing for many users as a result of our move to Microsoft Exchange.

The post below is still applicable, but I can sum up the entire point in one easy statement:

Never give your password to anyone.  Only use it to login to trusted sites.  If the domain of the site is not what you are expecting (Not ucdavis.edu or ucanr.edu) then there is a good chance this is an attempt to trick you into giving up your credentials.  
 

Please read on for a little more information.

Phishing...that is the name given to different types of 'social engineering' schemes to convince you to release information to some unsavory character, who will use it in unsavory ways.

Most of us are targets of phishing almost every day.  We see much of this as email spam, and throw it away.  Many of these scams are obvious- but some go well beyond trolling for neophytes, and they've fooled even the most jaded internet user.

1. Do not follow links sent in an email. You will be much better off typing in the main URL to the website, then navigating to function you need.  For instance, if Wells Fargo asks you to update your personal information, type 'wellsfargo.com' into your browser, and login there and follow the directions.  This way you know you will be safe.
2. If you ignore rule #1, then please follow this rule!  Always check the target of any link before you click on it. You can do this by hovering your mouse over the link- the real URL will be displayed in a little pop-up.  Make sure it matches the link you *think* you will be going to.  And please, please, please, make sure the link makes some sense!  Recently someone sent me an email with links to '123contactform.com' - which was supposedly a way to update their UC Davis account information.  NO!  We would never send you to 123contactform.com!  We would send you to a ucdavis.edu or ucanr.org domain.
3. Think about what is being asked of you. Would your bank really send you an email asking you to update your social security number?  No. If you doubt the legitimacy of a request- call the requestor!

That's it- 3 easy steps to avoid phishing scams.  Sadly, these scams really do work...which is why the unsavories keep sending them out.

Think before you link.

Turn the tables on phishing in 3 easy steps.