How to Avoid Umail Phishing Attacks

August 12, 2016

In recent weeks, the number of phishing emails involving UCSB student Umail accounts increased. The goal of phishing is to get private information or infect your computer by enticing you to click a link or open an attachment. Some students who were targeted supplied their UCSBnetID and password. Their Umail accounts were then used to send phishing email to other users here and at other campuses across the country.

Please remember these general guidelines involving your Umail account:

Phishing messages often appear to come from reliable sources, like your friend or your bank.  It is easy to forge return addresses and make messages appear legitimate. Be skeptical of messages asking you to take action urgently and promising negative consequences for failure to act in a timely manner.

Many email programs display the actual URL if you hover over a link. Read the URL carefully. Many phishing sites look legitimate, but are not (e.g. instead of

Do not open attachments in email messages unless you are expecting them. Remember, it is easy to forge a return address. Just because a message comes from your friend does not mean it’s friendly.  If you are in doubt, ask the sender before opening the attachment.