Be on the lookout for scams — even if you think you know sender

An email from your boss, unit leader or university president is sure to catch your eye — but take a closer look to make sure you don’t get phished.

Scammers can “spoof” an email address to make it look like anyone from your director to University President Ray L. Watts is sending you an urgent email that demands your attention or asks you to click a link. But clicking that link could cause you to give away your credentials or infect your computer with malware.

Scammers can also impersonate people via phone calls or text messages — known as “vishing” and “SMiShing.”

SMiShing scams happen via text messages and try to get recipients to click on links on their mobile devices. Vishing happens via phone calls, and callers might pretend to be police or other authorities claiming you owe money or broke a law.

In both cases, you should verify contacts independently, and know the signs when a message or phone call starts with vague information or an offer that sounds too good to be true.

In the case of phishing, how do you know if an email address is legitimate?

An easy way is to hover over the email address with your mouse and check to make sure it is real — the correct BlazerID followed by @uab.edu.

You can do the same with a link — if it isn’t legitimate, don’t click it, and especially don’t enter your BlazerID and password.

If you suspect an email is phishing, you can report it using PhishMe Reporter in Outlook or forward it to phishing@uab.edu.

Learn more about phishing — and how to avoid falling for a scam email — at uab.edu/phishing.

Last modified on June 26, 2019