Phishing at UH

What is phishing (pronounced "fishing")?

From Wikipedia: phishing is "the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."

Phishing is usually implemented via email or instant messaging but any electronic messaging system may be used, e.g. Twitter. Phishing emails are usually spammed (sent via bulk, unsolicited email) or could be targeted to a specific organization or group. After obtaining usernames and passwords, cyber criminals could impersonate the owner of the compromised account, steal confidential information, commit identity theft, send more spam, and commit other criminal activities.

If you receive phishing email (which may look authentic and legitimate) requesting sensitive information (e.g. usernames, passwords, email addresses, bank account numbers, credit card numbers, Social Security numbers, date of birth, etc.):

  • DO NOT REPLY to the email. Replying (even to tell the spammer to stop) tells the spammer that your email address is valid.
  • DO NOT PROVIDE any sensitive information, especially if the email is unsolicited or from an unknown user.
  • DO NOT CLICK on any links/images/attachments contained in the phishing email. Do NOT enter personal sensitive information into online forms. Malware may also be downloaded and installed on your computer.
    • CALL the sender/agency/organization to verify that the email is legitimate.
    • Contact the ITS Help Desk if you have questions about the validity of an official-looking communication.

After a targeted phishing email is reported, Information Technology Services (ITS) may choose to implement protective measures such as:

  • investigating new phishing attempts
  • blocking the email address from sending to UH
  • blocking the reply email address from receiving from UH
  • contacting users who replied to the phishing email before it was reported and blocked
  • blocking access to suspicious websites that are linked within the phishing email
  • posting new phishing email on the Security Alerts website at

Phishing notification

Please go to under the Security Alerts section to check for the latest phishing attacks targeting UH usernames.

If you would like to receive phishing notices by email, go to and subscribe to our phishing-alert email list.

General guidelines for reporting spam/phishing

More information

Protect Yourself Against Phishing

Spam and Phishing

Spam at the University of Hawaii

Security (or lack of it) on the Internet (Spam and Phishing)

Please rate the quality of this answer: Poor Fair Okay Good Excellent
Not the answer you were looking for? Try different keyword combinations and if you still can’t find your answer, please contact us.
Article ID: 966
Created: Tue, 24 Feb 2009 1:36pm
Modified: Wed, 06 Feb 2019 9:57am