Skip to content Skip to navigation

Phishing: Internet Email Scams

Close-Up of a computer keyboard with the "Enter" key replaced to read "Phising" in red. A fishing hook is laid on top to circle the word.

There is no foolproof way to avoid a phishing attack. Many scammers are very good at what they do, and it’s easy to be taken in by a sophisticated phishing email. The most important thing you can do is be very wary of giving out personal information, especially via email. If your gut tells you that something is “phishy,” don’t respond and don’t click on any links.

UC Merced will never request that you reply to an email with your UCMNetID, password, full Social Security number or confidential personal information. Be suspicious of any email that asks you to enter or verify personal information, on a website or by replying to the message itself.

What is phishing?

A phishing scam is a fraudulent email from what appears to be a reputable company or organization, such as a university, your bank or an online shopping site like The scammer’s goal is to steal personal information, such as your bank account details, passwords and credit card number.

How can I tell if an email is a scam?

• The email is not addressed to the recipient. “Dear Customer” isn’t an identifier.

• Bad spelling and poor grammar in an email claiming to represent a company

• The email is from somewhere you don’t live, like Nigeria or Singapore and you either know nobody there, or it’s not the email of anyone you do know there.

• Asking for money. Always start from the grounds that a request for money is to be treated with suspicion until proven otherwise.

 How do I protect myself? 

• Think Before You Click! It’s fine to click on links when you’re on trusted sites.

• Hover Over the URL. Verify it’s taking you to where it says it is.

• Verify a Site’s Security. It’s natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. Before submitting any information, make sure the site’s URL begins with “https,” and there should be a closed lock icon near the address bar. Check for the site’s security certificate as well.

• Check Your Online Accounts Regularly. If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts on a regular basis.

• Keep Your Browser Up to Date. Security patches are released for popular browsers all the time.

• Use Firewalls. High-quality firewalls act as buffers between you, your computer and outside intruders.

• Be Wary of Pop-Ups. Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts. Many popular browsers allow you to block pop-ups; you can allow them on a case-by-case basis.

• Never Give Out Personal Information. As a general rule, you should never share personal or financially sensitive information over the Internet.

• Use Antivirus Software. There are plenty of reasons to use antivirus software. Unique signatures that are included with antivirus software guard against known technology workarounds and loopholes. Just be sure to keep your software up to date.

• Stay informed. OIT regularly posts about phishing scams that are sent to students on their Facebook page. You can also learn more about OIT’s cybersecurity services and tools at

Reporting Spam and Phishing

Spam and phishing complaints can be forwarded to for reporting and analysis. Visit Report a Security Incident to learn more.