Things You Should Know About Phishing - Don't Take the "Bait"



Hackers Are Trying to Reel You in Through Email

Email is an essential part or our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. More than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate person or organization. They attempt to trick the recipient into downloading harmful attachments or divulging sensitive information, including passwords, bank account numbers, and social security numbers.

Phishing scams can have a number of different goals. They may attempt to:

  • Target your cash and payment card data
  • Gain control of your computer and local network resources
  • Gain access to your University Computing Account and resources

Phishing scams typically attempt to take advantage of you by:

  • Delivering file attachments that can infect your computer with harmful software
  • Enticing you to click on links to websites that infect your computer with harmful software
  • Tricking you into sharing your username and password so hackers can gain access to your network or other sites


Email and Phishing Training Course

Learn how to protect yourself from phishing scams, how phishing attacks work, and how to recognize and respond to one—take the Pitt IT Email and Phishing interactive mini-course.


Learn to Spot a Phishing Scam


Phish Like Spam

Spam is unwanted "junk" email that can quickly fill your email inbox. Never respond to a spam email or click on a link in a spam email message. Doing so validates your email address to the spammer and increases the likelihood of you receiving still more spam. 

Most of the time, spam is annoying, but harmless. However, sometimes what appears to be just a spam message is actually a phishing attempt. Trojan horses and other malicious software are often attached to spam emails. These emails also sometimes contain links to websites that will download software intended to compromise your computer. So beware of spam emails!

Can You Pass Our Simulated Phishing Scam Test? 

The University has implemented a new phishing awareness program that will periodically send you simulated phishing emails designed to imitate a real scam. These simulated scams are completely safe and there are no negative consequences if you mistakenly reply to a simulated phishing message. If you are fooled by a simulated scam, we recommend that you review the brief educational material presented afterward.

If you recognize an email as a phishing scam, we encourage you to report it using the steps in the following section.

Reporting a Phishing Scam

Although your first instinct may be to ignore or delete suspicious emails, we recommend that you report them to our security team. We will examine the email and, if necessary, advise you of any further steps you may need to take.

To report a phishing scam, the simplest solution is to use the Outlook Report Phishing add-in.  Alternatively, you can forward the phishing email as an attachment to

Reporting a phishing scam in Microsoft Outlook (Desktop client)

  1. Select the suspicious email in Outlook.
  2. Press Control-Alt-F. This will open a draft email message with the suspicious email as an attachment.
  3. Add in the To: field of the draft email message.
  4. Send the email.

 Reporting a phishing scam in Microsoft Outlook Online (Office 365)

  1. Select New to compose a new message.
  2. In the upper right-hand corner of the new message, click the icon to compose the message in its own window.
  3. Drag the suspicious email into the body of the new message. This will add the suspicious email as an attachment.
  4. Add in the To: field of the draft email message.
  5. Send the email.

Reporting a phishing scam in Apple Mail

  1. Select the suspicious email in Mail.
  2. Select Message, then Forward as Attachment from the menu bar (or right-click and select Forward as Attachment).
  3. Add in the To: field of the draft email message.
  4. Send the email.

 Note: Please do not forward spam messages to Only forward email messages that you suspect are phishing scams.    


Print Article


Article ID: 57
Tue 7/18/23 12:04 PM
Wed 5/1/24 9:11 AM

Related Services / Offerings (1)

SECURITY CONSULTING AND EDUCATION KnowBe4 provides security awareness resources to train, promote and reinforce information security best practices.