Skip to main content
Department of Medicine IT

Phishing Information and Protection

What is Phishing?

In short, phishing is a third party attempting to gain access to your system either by you allowing them in or providing your personal information such as usernames and passwords. They trick people into this by trying to impersonate a legitimate authority or catching users off guard.

The most common form of phishing is bogus emails trying to trick you into revealing your credentials for sites and/or services. This can compromise employees personally by revealing personally identifiable information such as social security and or credentials to back accounts or other confidential systems. These bogus emails generally contain links in emails that send users to fake web sites that mimic real ones (such as previously done with the UW NetID sign-on page).

In recent past we have also seen a rise of unsolicited phone calls that pretend to be providing technical support and/or services to supposedly comprised systems.

Phishing DOs

  • If the context of the message doesn’t make sense, delete the message or call the sender to verify the email
  • Be wary of messages that ask you to update your password or confirm your account
  • Report any warning messages from antivirus or other software immediately to the Department of Medicine IT Services.
  • Minimize the confidential information you store directly on your device.
  • Use network storage or UW OneDrive for Business whenever possible
  • Encrypt your devices when they are used to store data.
  • Keep your operating system and software up to date (stay patched)
  • Empty your email deleted items regularly or set it to empty automatically when you exit the program
  • Contact the Department of Medicine IT Services for assistance with any devices you use for work, both personal and UW owned.

Phishing DON'Ts

  • Never open an attachment from an unknown source
  • Do not click on links in emails or popups. This can be tricky because some malicious websites or popups say the computer has a virus however the links provided are either malicious or a phishing attempt

Phishing Handout: