Avoid phishing schemes

Phishing is an attempt to defraud Internet users like you to reveal their personal information to criminals online. Phishers will try to get you to reveal your credit card and bank account numbers, usernames and passwords, or even your Social Security number.

Phishing often takes the form of an email asking you to verify or provide information. It may ask you to reply with the requested information, or it may link to a fake site that resembles a reputable one (e.g., Gmail, Yahoo, Facebook). Whether you provide personal information in a reply email or through a fake Web site, you risk becoming a victim of identity theft or fraudulent activity on your accounts. Report a computer security incident.

Follow the guidelines below to avoid phishing schemes.

Guidelines

  • Reduce SPAM, remove and avoid malware, and update your software regularly.
  • Do NOT open emails from people or organizations you don't know. Instead, delete them immediately.
  • Hackers may have stolen your friend's address book/contacts, so don't trust everything you supposedly get from friends.
  • Never provide personal information, bank account or credit card numbers, or usernames and passwords in an email.
  • Do NOT click links in emails (even an unsubscribe link). Instead, do a search or type the published URL of the site you're trying to reach in a new browser window or tab. You can hover your mouse over the link to see where it will actually go.
  • Do NOT respond to phishing email asking to be removed from a mailing list. This will guarantee that you will receive more SPAM and phishing emails.
  • Keep your browser up to date. Most browsers will warn you before visiting a fake site, but you must update your browser regularly for this feature to be effective.
  • Be wary of shortened URLs, which most commonly start with http://bit.ly, http://goog.le, or http://tinyurl.com. These URLs hide the original link, so it's hard to determine if they go to real or fake sites. With reputable senders like the UD Office of Communications & Marketing, shortened URLs are likely not problematic. For other senders that are not (or may not be) reputable, it probably is safer to open a new window or tab, go to the URL of the site you're trying to access, and search for the information.
  • Verify requests from your credit card or bank by calling the number on your statement or credit card, rather than responding to requests through email directly.
  • Forward phishing emails to spam@uce.gov and/or reportphishing@antiphishing.org and the company or organization impersonated in the phishing message.

More information

Deter. Detect. Defend. Avoid ID Theft (FTC)
If you've been scammed, visit the FTC's page on identity theft. It provides steps to take to recover from identity theft and resources to learn more information.

Avoid Phishing Scams (Video)
Shows how to identify phishing emails and fake links.

Annotated Phishing Samples
We annotated some phishing messages received at UD over the past several years. We've also started a blog that lists current phishing scams that have landed in UD inboxes.

Phishing (OnGuard Online)
Provides comprehensive ways to identify and avoid phishing schemes. Also provides information to report phishing messages.

How to recognize phishing emails or links (Microsoft)
Tips to identify fake emails and avoid links that may send you to fake Web sites.

Identity Theft (Delaware Department of Justice - Attorney General's Office)
Follow these steps to avoid becoming a victim of identity theft, which could result from falling victim to a phishing scheme.