What to Do If You Receive a Phishing Attempt

Operating System: All

Applies To: UB students, faculty, staff, alumni, retirees and volunteers

Last Updated: August 23, 2024

If you suspect that an email or text message you received is a phishing attempt:

• Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your Personally Identifiable Information (PII).
• Delete it immediately to prevent yourself from accidentally opening the message in the future.
• Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
• Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites or web forms.
• Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
• Report it. Help others avoid phishing attempts:
  • Check if the attempt has already been reported.
  • If not, report it to UB. Attach the mail message with its mail headers in your message. Tell them you have changed your password.
  • Use the Federal Trade Commission's online Complaint Assistant if you have been phished.

If you receive a phone call that seems to be a phishing attempt:

• Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
• Do not respond to the caller’s requests. University at Buffalo, financial institutions and legitimate companies will never call you to request your PII. Never give PII to the incoming caller.