Social engineering manipulates individuals to gain access to sensitive information or perform certain actions. When this takes place over email, phone, or text message, this is known as phishing, vishing, or smishing.

Phishing messages often appear to come from legitimate sources like coworkers, financial institutions, or commercial retailers. Scammers use phishing to trick recipients into divulging sensitive information, clicking malicious links, downloading malware, or making unauthorized purchases.

Examples of phishing

The strongest indicator of phishing is urgency. 

Here are some examples of what a phishing message might look like:

• Click here to verify your account is still active, or it will be deleted in 24 hours!
• Act now to claim your prize! (You just need to put in some personal information...)
• Can you do me a favor? I'm a Vice President, and I need you to buy a gift card for our coworker's retirement party real quick!

Tips to avoid getting phished

• Watch out for unsolicited messages from unfamiliar email addresses or phone numbers.
• Scammers often create a sense of urgency in their messages. Don't fall for it. They're trying to make sure you won't have time to realize what's wrong.
• Scammers often ask for gift cards as a favor, and they might impersonate ANR leadership positions and exploit your trust for this.
• If you receive a message with an unexpected link or file attachment, reach out to the sender through alternative means (phone, email, Slack, etc.) to verify their intent.

Please report all potential phishing messages to ANR IT (help@ucanr.edu). While we can't hope to stop phishing by blocking individual addresses, we want to keep an eye on the threat landscape.