Phishing Awareness: Don’t take the bait. Learn to spot a scam.

Email is an essential part or our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. More than 90% of data breaches start with a phishing attack. “Phishing” uses fraudulent email messages designed to impersonate a legitimate person or organization and trick the recipient into downloading harmful attachments or divulging sensitive information, such as passwords, bank account numbers, and Social Security numbers.

Phishing scams can have a number of different goals. They may attempt to:

  • Target your cash and payment card data
  • Gain control of your computer and local network resources
  • Gain access to your University Computing Account and resources

Phishing scams typically attempt to take advantage of you by:

  • Delivering file attachments that can infect your computer with harmful software
  • Enticing you to click on links to Web sites that infect your computer with harmful software
  • Tricking you into sharing your username and password so hackers can gain access to your network or other sites

You can identify a phishing scam by looking for email messages that:

  • Create a sense of urgency
  • Invoke strong emotions, like greed or fear
  • Request sensitive data
  • Contain links that do not appear to match legitimate resources for the organization that is contacting you

Always remember that legitimate companies and organizations will never ask for passwords, social security numbers, and other sensitive data via email.

Examples of Phishing Scams

Examples of Phishing Scams

Below you will find examples of phishing scams that have been received by the Pitt community. You can review these examples to familiarize yourself with various phishing messages. You can always view the latest phishing alerts on our Alerts and Notifications page.     

Spotting Simulated Phishing Scams

Spotting Simulated Phishing Scams 

The University has implemented a new phishing awareness program that will periodically send you simulated phishing emails designed to imitate a real scam. These simulated scams are completely safe and there are no negative consequences if you mistakenly reply to a simulated phishing message.

If you are fooled by a simulated scam, we recommend that you take one minute to review the very brief educational material that is presented afterward.

If you recognize an email as a phishing scam, we encourage you to report it using the steps in the following section.

Reporting a Phishing Scam

Reporting a Phishing Scam

Although your first instinct may be to ignore or delete suspicious emails, we recommend that you report them to our security team. We will examine the email and, if necessary, advise you of any further steps you may need to take.

To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. We will be introducing additional features in the near future to make the reporting process even easier.  

Reporting a phishing scam in Microsoft Outlook (Desktop client)

  1. Select the suspicious email in Outlook.
  2. Press Control-Alt-F. This will open a draft email message with the suspicious email as an attachment.
  3. Add phish@pitt.edu in the To: field of the draft email message.
  4. Send the email.

 Reporting a phishing scam in Microsoft Outlook Online (Office 365)

  1. Select New to compose a new message.
  2. In the upper right-hand corner of the new message, click the icon to compose the message in its own window.
  3. Drag the suspicious email into the body of the new message. This will add the suspicious email as an attachment.
  4. Add phish@pitt.edu in the To: field of the draft email message.
  5. Send the email.

Reporting a phishing scam in Apple Mail

  1. Select the suspicious email in Mail.
  2. Select Message, then Forward as Attachment from the menu bar (or right-click and select Forward as Attachment).
  3. Add phish@pitt.edu in the To: field of the draft email message.
  4. Send the email.

 Note: Please do not forward spam messages to phish@pitt.edu. Only forward email messages that you suspect are phishing scams.