Phishing scams most often take the form of fraudulent emails. Typically, these messages are designed to trick users into revealing sensitive or protected information (ex. usernames, passwords, bank account information) by pretending to be a legitimate entity like your bank, a social media site, or your university. For example, a phish posing as your bank might warn you of fraudulent activity on your account and ask you to “click here” to verify your information which often includes providing your account username, password, and sometimes more.

Tips to help you identify a phishing email

  • Check the sender’s email address to see if the listed domain (what comes after the “@” sign) matches where the sender claims to be from. If the email message claims to be from UAB, does the sender domain match?
  • Try to not click on links in an email but if you must, first check the true destination of any link or listed email address in an email by hovering (don’t click) your mouse over the link. The true email or URL will be displayed next to your mouse or in the bottom left of your window.
  • Check for misspellings or grammatical errors. Phishers often make mistakes somewhere in the subject line or the text of the email.
  • Be skeptical of unsolicited messages offering you money or other items for little to no work. If it sounds “too good to be true," it probably is.
  • Be especially cautious when opening any email messages in your spam or quarantine folders.
  • If you aren't sure or feel an email might be suspicious, report it by forwarding the email to

Remember, when you receive an unsolicited email or if the email seems suspicious; please take the time to scrutinize it carefully. If you still have doubts after reviewing the email, please contact UAB AskIT immediately. Use the icons below for quick access to UAB resources that can help protect you against phishing scams.