Skip to content


What is Phishing?

A ‘phish’ is an email or communication designed to look like a legitimate email that instead carries malicious code or a virus, or that redirects you to a website that automatically infects your system with spyware or malware. Here at UC Merced, we want to make sure we arm you with the latest information regarding phishing scams to help you stay safe online.

Example Phishing Email

Self-Phishing Campaign

In order to promote awareness and to assist in training our users in identifying spam, the UC Merced OIT Information Security has embarked on a self-phishing campaign. These emails are intended to look and sound exactly like the real thing, however instead of containing malicious code by links or attachments, they will lead you to a page called a “Teachable Moment” where you will have an opportunity to learn more about what phishing emails look like.

The object of this self-phishing exercise is to educate our users to NOT click on the spam link. Instead, we want users to get in the habit of forwarding suspected phish to Information Security using the link below.

Report a Phishing Email

Phishing Email Archive

UC Merced Information Security encourages faculty, staff, and students to exercise caution when opening emails that contain links or attachments. We want our campus community to report phishing scams and to contact us when they aren’t sure if an email is a phishing scam.

As part of our campus user education and awareness program for phishing scams, we have created an archive of known phishing attacks currently active on our campus. We hope this will help users to better identify and avoid these pesky and annoying emails! Browse the archive below to see examples of what to look out for.

Reporting Spam and Phishing

How to report a Phish

Beginning October 8, 2022, please report any suspicious messages to the Information Security Office by clicking on the "Report Message" feature at the top of your Outlook screen. Clicking Report Message and selecting "phishing" will 1) automatically alert Information Security about the suspected phish attempt and 2)move the message to your deleted items folder. Look for this feature in your Outlook client or in O365 to give this a try when you next see a suspicious message. 

Alternately, spam and phishing complaints can be forwarded to for reporting and analysis.