Protect Yourself Against Phishing

Throughout the semester, UH has experienced a barrage of phishing emails targeting UH email accounts. The attackers want your UH username and password, and are using several tactics to try and catch you off-guard which include:

  • Using compromised UH email accounts (including valid signatures) to send out these phishing emails, which may belong to one of your business or personal contacts
  • Threatening termination of your account if you don’t respond
  • Asking you to click on a link and login to view a confidential document stored in Dropbox, Google Drive or other cloud storage services
  • Impersonating legitimate organizations, such as the IRS

To keep yourself from becoming a victim, remember to “SEAR the Phish.”

SEAR the Phish!

SEAR the Phish Logo

Phishing emails tend to be threatening, or it has a sense of urgency within the email. Responding to one could allow your account to be compromised, and your information stolen. To prevent this, remember to SEAR the email before responding.

STOP Don’t panic and don’t be too quick to click on email links even if the message looks urgent and threatening.
EXAMINE Look at the email closely. Does the message look suspicious, does the link look unusual, does the request make sense?
ASK Question the sender (if you know him/her personally). Check with the ITS Help Desk (help@hawaii.edu) to determine if the email is legitimate or not.
REPORT Notify ITS if you receive any UH-related phishing emails by forwarding it to phishing@hawaii.edu. Learn how to report a suspicious email at https://www.hawaii.edu/askus/898

Always remember that the University of Hawai‘i will not arbitrarily solicit personal information from you. You should never reply to those requests. If you’re not sure you responded to a phish, change your password immediately.

Phishing Tips

Don’t be victimized by these phishing messages, remember the following:

  1. Be vigilant about protecting personal information, such as your UH username and password and your social security number. Never respond with any personal information (like your social security number) to an unsolicited email.
  2. Be careful when clicking on links in unsolicited messages, particularly when the link points to a website that does not begin with www.hawaii.edu or (something).hawaii.edu.
  3. Be safe, if you think you may have provided your UH username and password in response to a phishing message, change your password immediately. You can check your Google@UH login activity by following the instructions at: https://www.hawaii.edu/askus/1587

I’ve been hooked!

  1. If you responded to a phish, change your password immediately! Visit https://www.hawaii.edu/username/ to change your password. If you use the same password on other sites like your bank or social media accounts, you need to change those passwords as well.

    2. NOTE: If you receive an error when trying to change your password, it is possible your UH Username has been disabled. In this case, please contact the ITS Help Desk for further assistance

  2. Check your Google@UH Gmail settings, as some compromised accounts have their configurations changed

    • Log into Google@UH Gmail <https://gmail.hawaii.edu >.
    • Click on gear icon in the upper right, then select Settings.
    • Check your vacation responder and signature settings for any text not entered by you.
    • Click on the Accounts tab, and check if your display name has changed or if any additional email addresses have been added.
    • Click on the Forwarding and POP/IMAP tab and check that there is no unknown forwarding email addresses setup.
    • Click on the Filters tab, and check that there are no unknown filters that have been added.

For more information, visit https://www.hawaii.edu/askus/892

AskUs Resources