Frequently Asked Question
Pre-Requisites
Phishing is an email tool used by hackers to steal information from organizations and people by pretending to look like legitimate email. To learn more about phishing emails visit this sitehttps://www.technology.pitt.edu/security/phishing-awareness-dont-take-bait. This page is an excellent summary of what phishing attacks are. Pitt IT also offers a short course to help practice spotting phishing attempts. https://www.technology.pitt.edu/security/information-security-awareness-training
Procedure
If you receive what looks like a phishing attempt the first thing to do is to forward the email to Pitt IT at phish@pitt.edu. Pitt IT wants these emails to help see patterns of phishing attempts to better protect the university. Pitt IT also runs simulated phishing attempts and reports out to departments their failure rates. The more correctly identified phishing attempts sent to Pitt IT the better the University library system will look. Below is a safe process for sending a suspicious email to Pitt IT that will not open any links so will not risk your computer.
Reporting a phishing scam in Microsoft Outlook (Desktop client)
- Select the suspicious email in Outlook.
- Press Control-Alt-F. This will open a draft email message with the suspicious email as an attachment.
- Add phish@pitt.edu in the To: field of the draft email message.
- Send the email.
Reporting a phishing scam in Microsoft Outlook Online (Office 365)
- Select New to compose a new message.
- In the upper right-hand corner of the new message, click the icon to compose the message in its own window.
- Drag the suspicious email into the body of the new message. This will add the suspicious email as an attachment.
- Add phish@pitt.edu in the To: field of the draft email message.
- Send the email.
Reporting a phishing scam in Apple Mail
- Select the suspicious email in Mail.
- Select Message, then Forward as Attachment from the menu bar (or right-click and select Forward as Attachment).
- Add phish@pitt.edu in the To: field of the draft email message.
- Send the email.
Pitt IT asks that only what looks like phishing attempts be sent to them not what looks like spam.