Recognizing and Reporting Fraudulent Emails

This document describes the most common types of fraudulent email and provides you with recommendations on what to do when you receive one. The two most common types of fraudulent emails are:

  • Phishing emails
  • Spam emails

What are Phishing Emails?

Phishing emails are malicious messages that attempt to steal your sensitive information, such as your passwords, your social security number, or your bank account information. They may ask you to click on a link or to reply to the email to “confirm” your sensitive information, in an effort to steal it.

Phishing emails may look like they come from a legitimate source, for instance your bank or the UNC Help Desk. They often contain links that at first glance look similar to sites you might visit. These types of links are called forged links. These forged links will take you to websites that appear to be legitimate, but are in fact malicious and designed to steal your sensitive information. In the forged link example below, you can see that the link text in blue is not the same as the link text in yellow.

[Image: forged link example]

The thieves may also ask you to reply to their email, call a phone number, or click on a URL to steal your information. The clues to help you recognize a phish, as shown in the illustration below, may include a generic greeting and sender and a sense of urgency. The thieves are “phishing” for your information, hence the name.

[Image: clues that help you recognize a phish]


What do I do if I get a suspicious email?

  • If you’re asked to reveal any personal information via email, do not respond.
  • If you receive a suspicious email that includes a link, do not click the link.

If you get an email that requests your personal information or one in which a forged link appears to come from a UNC website, forward it as an attachment to phish@unc.edu as soon as possible.

If it’s a phishing email, ITS will block the URL and the sender’s email address from sending to others at UNC. Reporting these emails helps protect you and everyone else on campus, too.

What is Spam?

Spam, also called junk mail, is unsolicited mass email. UNC filters out known spam before it reaches your personal email box. However, spammers and phishers are smart and constantly changing their messages and tactics. We need your help to keep UNC’s Spam filters up to date.

Here’s how you can help UNC fight Spam:

  • By marking spam emails with the “Block Sender” option in Outlook, instead of just deleting them.
  • By marking files that are incorrectly moved to your Junk folder as “Never Block Senders” or “Never Block Senders Domain.”

Spammers WANT you to click the link:

  • A common tactic of spammers is to include an “unsubscribe” link on the bottom of fake newsletters. If you click on one of the fake “unsubscribe” links, you will likely end up receiving more spam. By blocking the senders of those fake newsletters and by NOT clicking, you protect yourself and other UNC users.
  • Spammers may also include malware in their links or as attachments. If clicked on, the malware will attempt to install itself on your computer and may track your activities, as well as attempt to infect other UNC computers. Do not click links or open attachments!