Before You Click: Don't Get Hooked by Phishing Scams


Tax season is upon us—and the amount of personal information being exchanged online makes this a prime time for phishing.

Tax-related online scams remain the number one avenue for phishing attacks every year. It is important to be able to recognize a phishing attack to protect yourself against identity theft. These attacks typically arrive through email, phone calls, or malicious websites and solicit personal information by posing as a trustworthy organization, a federal agency, or your accountant.

Avoid falling victim to identity theft or suffering financial loss by reviewing these safety tips:

  • Secure your W-2. Make sure your address is up-to-date before companies send your W-2. If requesting it via email, enable multi-factor authentication on your email account as an added layer of defense.
  • Use an encrypted and trusted internet connection. If you are using an online tax vendor, look for the lock icon and "https://" in the web address bar to confirm that the connection is encrypted and your information is protected in transit.
  • Be wary of calls or texts that request confidential information. Banks and government agencies will not ask you to reveal personal information over the phone.
  • Review all received emails. Only open emails and attachments from people you trust. Hover your cursor over the website link in the email to identify the true destination link. Access websites by typing the website address directly into the URL bar instead of clicking the website link in the email.
  • Phishers use scare tactics. If you are pressured to provide sensitive information, initiate contact with the requestor (e.g. the IRS or your bank) directly to confirm the authenticity of the request.
  • Avoid generic requests. Fraudulent emails are often not personalized, while authentic emails reference you by name and with specific account details.

Have you received suspicious emails in your inbox? If so, you can easily report spam and phishing attempts through Microsoft's "Report Message" tool within Outlook (desktop or online).

Fast and precise reporting of suspicious emails reduces the possibility of malicious phishing campaigns spreading within an organization. By enabling this feature and encouraging our community to report suspicious emails, UMIT aims to continue to protect the University community against cyber attacks.

Use of this feature notifies both Microsoft and the University’s Information Security Office that a suspicious email made it through our security filters. If the message is confirmed to be malicious, Microsoft will add this email to its filters to prevent it from reaching other people, and the UMIT Security team can research and remediate any potential threats.

Not using the Report feature leads to delays in research, remediation, and blocking.

We value your diligence in recognizing, addressing, and reporting suspicious emails.

To learn how to use the "Report Message" tool, please review the instructions below:

For those who read email via the Outlook desktop mail client –
  • Identify and select the Report Message tab located in the upper right-hand corner of Outlook, as shown in the image below. Then select "Phishing" from the drop-down list. Finally, select "Report" to confirm your selection.
For those who read email online via Outlook on the Web –
  • Log in to your UM email at: Within the suspicious message, click the ellipsis (…) and select "Mark as phishing" from the drop-down menu, as shown in the image below. Finally, select "Report" to confirm your selection.

To learn more about phishing attempts and what types of scam emails to look out for, please refer to the following:

For more information, please feel free to contact the UMIT Information Security Office team at:

Thank you.

Click here or on the image below to download the Before You Click flyer:

Feel free to share this with your colleagues/peers!