Social engineering manipulates individuals to gain access to sensitive information or perform certain actions. When this takes place over email, phone ("voice"), or text message ("SMS"), this is known as phishing, vishing, or smishing.

Phishing messages often appear to come from legitimate sources like coworkers, financial institutions, or commercial retailers. Scammers use phishing to trick recipients into divulging sensitive information, clicking malicious links, downloading malware, or making unauthorized purchases.

Examples of phishing

The strongest indicator of phishing is urgency because scammers are trying to make sure you don't have time to realize what's wrong. Here's what it might look like:

• Click here to verify your account is still active, or it will be deleted in 24 hours!
• Act now to claim your prize! (Enter your name, email, date of birth, and bank account details below...)
• Can you do me a favor? I'm a Vice President, and I need you to buy a gift card for our coworker's retirement party right now!

Tips to avoid getting phished

• Be cautious when opening unsolicited messages from unfamiliar email addresses or phone numbers.
• Scammers often ask for gift cards as a favor, and they might impersonate positions of authority and exploit your trust for this.
• If you receive a message with an unexpected link or file attachment, reach out to the sender through alternative means (phone, email, Slack, etc.) to verify their intent.
• Please report all potential phishing messages to ANR IT (help@ucanr.edu). While we can't currently block individual addresses, we want to keep an eye on the threat landscape.