Phishing at UH
What is phishing (pronounced "fishing")?
From Wikipedia: phishing is "the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."
Phishing is usually implemented via email or instant messaging but any electronic messaging system may be used, e.g. Twitter. Phishing emails are usually spammed (sent via bulk, unsolicited email) or could be targeted to a specific organization or group. After obtaining usernames and passwords, cyber criminals could impersonate the owner of the compromised account, steal confidential information, commit identity theft, send more spam, and commit other criminal activities.
If you receive phishing email (which may look authentic and legitimate) requesting sensitive information (e.g. usernames, passwords, email addresses, bank account numbers, credit card numbers, Social Security numbers, date of birth, etc.):
- DO NOT REPLY to the email. Replying (even to tell the spammer to stop) tells the spammer that your email address is valid.
- DO NOT PROVIDE any sensitive information, especially if the email is unsolicited or from an unknown user.
- DO NOT CLICK on any links/images/attachments contained in the phishing email. Do NOT enter personal sensitive information into online forms. Malware may also be downloaded and installed on your computer.
- IF IN DOUBT, CHECK IT OUT!
- CALL the sender/agency/organization to verify that the email is legitimate.
- Contact the if you have questions about the validity of an official-looking communication.
After a targeted phishing email is reported, Information Technology Services (ITS) may choose to implement protective measures such as:
- investigating new phishing attempts
- blocking the email address from sending to 东精影业
- blocking the reply email address from receiving from 东精影业
- contacting users who replied to the phishing email before it was reported and blocked
- blocking access to suspicious websites that are linked within the phishing email
- posting new phishing email on the Security Alerts website at
Phishing notification
Please go to under the Security Alerts section to check for the latest phishing attacks targeting UH usernames.
If you would like to receive phishing notices by email, go to http://www.hawaii.edu/its/notices/index.php and subscribe to our phishing-alert email list.
General guidelines for reporting spam/phishing
- Google@UH users --> you can report spam or phishing emails directly to Google
- To report phishing attempts to Google, follow the instructions at:
- To report spam to Google, follow the instructions at:
- To report phishing attempts to Google, follow the instructions at:
- Targeting UH usernames --> send to phishing@hawaii.edu with full mail headers
- See for displaying full mail headers.
- See for reporting a new/suspicious email targeting UH usernames.
- Spam sent from a hawaii.edu address --> send to uhabuse@hawaii.edu with full mail headers
- General spam --> delete; do not need to report; can block sender's email or entire domain from your account using filters.
More information
Protect Yourself Against Phishing
Spam and Phishing
Spam at the 东精影业
Security (or lack of it) on the Internet (Spam and Phishing)