The IT Support Center will never ask for your password via the phone or email. If in any doubt about the validity of an email message, use the Phish Alert Button to report the message.

On the internet, you may come across suspicious messages. Some of these messages can be phishing attempts. Phishing messages will often ask you for personal information such as your password or credit card information. They may also try to convince you to perform a certain action, such as click on a link, open an attachment, send a mobile phone number, send money, or buy gift cards. These messages are often crafted to appear like they came from a trusted authority or someone you know.

Common Phishing Methods

Email Phishing

"Dear IUP Email subscriber..."

"Confirm your Webmail account..."

"Your Email account upgrade..."

Phishing through email is possibly the oldest and most common form of phishing. If you receive a phishing message, be sure to report it to IT Support.

Watch out for these signs of a phishing message: 

  • Messages from another user in the organization that appear to have characteristics of a phish email may be a sign that the user's account is compromised and is being used to phish you.
  • Messages that ask for personal information such as username, password, mobile number, bank account, or credit card number.
  • Messages with a sense of urgency. For example, "Your account needs upgraded. Click this link or it will be deleted."
  • Messages with an attachment that you weren't expecting. These often look like they are coming from a reliable source, but they are not (e.g., FedEx, Credit Card Companies, the IRS).
  • Messages that ask you to perform tasks like buying gift cards.
  • Messages that have a generic greeting rather than using your name (Dear Customer, Dear User, etc.).
  • Messages with poor grammar or spelling mistakes.


Phishing Examples

Learn to spot a phishing message with a few common examples

Social Engineering

In the world of technology, social engineering is a deceptive strategy that exploits human psychology rather than hacking into systems. It's essential to be aware of this threat, as it can impact both individuals and organizations.

  • What is Social Engineering?
    • It's a manipulative technique that targets people, not computers.
    • Attackers use psychology to trick individuals into revealing sensitive information or taking harmful actions.
  • Common Social Engineering Tactics
    • Impersonation: Posing as a trusted entity to gain trust.
    • Pretexting: Creating a fabricated scenario to extract information.
  • Why it Matters
    • Protecting personal and sensitive data is crucial in the digital age.
    • Understanding social engineering helps prevent data breaches and identity theft.
  • Stay Informed and Safe
    • Learn to recognize red flags in emails and messages.
    • Verify the identity of anyone requesting sensitive information.
    • Educate yourself and others about social engineering to stay secure online.

By staying vigilant and informed about social engineering, you can play a vital role in preventing cyberattacks on IUP's systems.


One of the latest tactics is QR code phishing, also known as "quishing."

  • What is QR Code Phishing (Quishing)?
    • Quishing is a deceptive technique that leverages QR codes, commonly used for quick access to websites or information.
    • Attackers manipulate QR codes to lead victims to malicious websites, steal information, or compromise devices.
  • How Does Quishing Work?
    • Cybercriminals create QR codes that appear legitimate but actually redirect users to phishing sites.
    • Victims may unknowingly scan these QR codes using their smartphones or other devices.
  • Why it Matters
    • Quishing poses a significant risk to personal and financial information.
    • Victims may inadvertently expose sensitive data or fall for scams.
  • Protect Yourself Against Quishing
    • Be cautious when scanning QR codes from unknown sources or in suspicious contexts.
    • Use a QR code scanner from a trusted app or built-in device feature.
    • Verify the legitimacy of websites before entering personal information.

By staying informed about the risks associated with QR code phishing, you can protect yourself and others from falling victim to this deceptive cyber threat. Remain vigilant and exercise caution when scanning QR codes, especially from unfamiliar sources.


Another deceptive tactic that poses a significant threat to individuals is SMS phishing, commonly known as "smishing." 

  • What is Smishing (SMS Phishing)?
    • Smishing is a malicious technique that uses text messages to deceive and manipulate recipients.
    • Cybercriminals send fraudulent SMS messages to trick individuals into revealing sensitive information or taking harmful actions.
  • How Does Smishing Work?
    • Scammers often impersonate trusted entities, such as banks, government agencies, or well-known companies.
    • Victims receive text messages containing links to fake websites or requests for personal information.
  • Why it Matters
    • Smishing can lead to identity theft, financial fraud, and other security breaches.
    • People often let their guard down with text messages, making them vulnerable to this form of phishing.
  • Protect Yourself Against Smishing
    • Be cautious of unsolicited text messages, especially those requesting personal information or urgent actions.
    • Verify the sender's identity by contacting the organization directly through official channels.
    • Avoid clicking on links in suspicious SMS messages.

By remaining vigilant and informed about the dangers of smishing, you can reduce the risk of falling victim to text-based scams. Always exercise caution when receiving unexpected or suspicious SMS messages and verify the authenticity of the sender before taking any actions.

Learn other ways to stay safe online

Identify ways you can protect your personal information and privacy. Keep your computer safe from phishing attempts and malware.

Don't Fall for Fake Student Job Postings

Jobs that sound too good to be true should raise a red flag for any college student. Fake job postings abound in unsolicited emails sent to your student account and in online job listing sites.

Other phishing resources 

FTC training videos