Be aware of phishing scams

The university will never send emails asking for private data (e.g., passwords, social security numbers, credit card numbers, etc.). Always be suspicious of messages asking for private information. Do not reply, forward or click any links or open attachments if you ever receive a suspicious email. Here are some more tips from Student Affairs IT.

Recognize and report phishing

Phishing emails, texts and calls are the number one way that data gets compromised, backed by years of data breach research. Be cautious of unsolicited emails, texts or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or email unless necessary and don’t click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel—not by responding to the sender.

If you're not responding to phishing, you’ve already protected yourself. But you can help protect others by reporting phishing attempts. If you receive a phishing email at your university account, follow OIT's instructions for Reporting Phishing emails so that OIT Security can block it for others and protect your fellow faculty, staff and students.

If you receive phishing to another account, there may be built-in features you can leverage, or you can forward to the impersonated company’s phishing mailbox—usually phishing@examplecompany.com.

How to report phishing to:  

• CU Boulder
• Google
• Apple
• Microsoft

Check out resources for IT Security Awareness and Phishing Scam FAQs.