You are seeing this page because you clicked a link in an email that wasn’t what it seemed.
Phishing emails entice you with offers or scare you with threats of loss, all to trick you into visiting a malicious site and handing over sensitive info. In a real phish, the attackers would now have your EID password. We did not store your EID password when you entered it.
If you suspect a phishing email, please report samples to the UT Postmaster (postmaster-abuse@utexas.edu) or use the "Report" button in your Outlook app. Please also notify your local IT staff.
Let’s learn how you can detect phishing attacks like these so you don’t get caught by a real attack.
Here's a great example of what the most determined, skillful phishers could send. The message uses authentic UT graphics, references actual UT organizations, and relates to a topic that seems plausible.
A few clues should lead you to think twice: The presence of a soon-approaching deadline and mention of “delays in paycheck processing” are crafted to add a sense of urgency. Let's also look at the hard evidence:
1) Though the sender’s name is “Financial & Administrative Services”, an actual campus organization, the sender’s address (finance@utexas.cloud) is not an official University account.
2) Hovering over the link (or tapping-and-holding on a mobile device) reveals the “re-submit timesheets” link points to a site in the utexas.cloud domain, which is not part of the University’s official utexas.edu website.
These clues should expose the message as a fraud. When you think a suspicious email or website is trying to trick you, check with your local IT support, the UT Service Desk, or the Information Security Office.
How do you know whether a link looks legitimate? See the Inspecting Links tab.
As with Outlook, hovering your mouse cursor over a link will expose the link's true path, but you'll have to look carefully…
It can be hard to spot at first, but a link's true path will always be revealed in the bottom-left corner of the browser.
For practice, take a moment and inspect these three links. You don’t have to click them; just inspect them and note which ones go where they say they’re going.
See the Inspecting Links tab for how to tell whether a link is legitimate.
If you're checking your mail on your phone, instead of tapping the link, do a long press. When you press and hold on the link, it will just display where the link will take you rather than actually taking you there. As before, think of what the link says it is vs. what its true path is.
For practice, take a moment and long press these three links. Note which ones go where they say they’re going.
When you're inspecting a link, or visiting a website, how do you know whether it's legitimate?
Links have lots of information in them. They can be daunting. We'll break it down so you can focus on the most important part. Take this link, used in a real phishing attack.
That's a lot of information, and some of it looks legitimate. But once you understand the structure of links, it becomes easy to see why this is a malicious link.
Websites are hosted on computers, much like the ones in your office. The Host part of a link tells you the name of the computer.
And just as your computer has files and folders on it, websites have them too. The Directory part of a link is just like a folder path on your computer. The very last piece of a link is the File name. It tells you the file you’re looking at, just like a Word document or spreadsheet on your computer.
So now we know what all this information means. What’s really important?
No matter how long and confusing a link is, the Host is all you need to focus on. Attackers can manipulate the Directory and File name to look like legitimate content, but they can never change their Host to perfectly match a legitimate one. Let’s look at a legitimate Host now.
Now that we know the Host is what's really important, let's focus even more. Find the first single "/" in the link.
Look at the two words to the left of it, separated by a "." Those two words can never be manipulated; they always tell you a website’s true identity.
In the image below, those two words are "utexas" and "edu".
Compare the two images above. In the first, utexas.edu is the true source of the link, while the second one is org.ru. Look at the rest of the org.ru link. You can see its File name is trying to impersonate the Host of the first link!
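The same inspection can be done in code. This is an added example, not part of the original training page: it splits a link into Host, Directory and File name, takes the two words described above as the link's true source, and compares that with what the link's visible text claims. The function names and every sample link are constructed for illustration.

```javascript
// Added example. All links below are constructed samples, not taken from a real message.
const OFFICIAL = "utexas.edu"; // the University's official domain, as named on this page

// Split a link into the parts described above: Host, Directory, File name.
function linkParts(href) {
  const url = new URL(href); // throws on text that is not an absolute URL
  const host = url.hostname.replace(/\.$/, ""); // lower-cased by URL; drop a trailing dot
  const cut = url.pathname.lastIndexOf("/") + 1;
  return {
    host,
    directory: url.pathname.slice(0, cut),
    file: url.pathname.slice(cut),
    // The page's rule: the two words left of the first single "/".
    // Assumption: suffixes with more than one label (co.uk, for example)
    // need the Public Suffix List rather than a fixed count of two.
    source: host.split(".").slice(-2).join("."),
  };
}

// Compare what a link says (its visible text) with where it really goes.
function inspectLink(shownText, href) {
  let parts;
  try {
    parts = linkParts(href);
  } catch {
    return { verdict: "unreadable", source: null, decoy: false, mismatch: false };
  }
  const official = parts.source === OFFICIAL;
  // The official name appearing in the Directory or File name proves nothing.
  const decoy = !official && (parts.directory + parts.file).toLowerCase().includes(OFFICIAL);
  // If the visible text is itself a web address, it should share the same source.
  let mismatch = false;
  const shown = shownText.trim();
  if (/^https?:\/\//i.test(shown)) {
    try { mismatch = linkParts(shown).source !== parts.source; } catch { mismatch = true; }
  }
  const verdict = official && !mismatch ? "official" : "suspicious";
  return { verdict, source: parts.source, decoy, mismatch };
}

const samples = [
  ["https://www.utexas.edu/payroll", "https://www.utexas.edu/payroll/timesheets.html"],
  ["re-submit timesheets", "https://timesheets.utexas.cloud/login.html"],
  ["https://www.utexas.edu/login", "http://constructed-host.org.ru/secure/www.utexas.edu.html"],
];
for (const [text, href] of samples) console.log(href, inspectLink(text, href));
```

The third sample is the case described above: the File name contains utexas.edu, but the Host's last two words are org.ru, so the link is flagged both as a decoy and as a mismatch with its visible text.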
Take a look at your web browser to find the address of the site you’re on, right now. What is its true source?
Now look at the phishing email that brought you here, and use all you’ve learned to identify it as a phish.
You’re now more prepared than you were before. Remember, when someone asks you for your EID password, personal info, financial info, or other sensitive info, slow down and verify. Beware of enticing offers and threats of loss; treat them as a signal to slow down and verify what’s really going on before you proceed.
When you identify a phishing email, report it to postmaster@utexas.edu and notify your local IT staff. The Postmaster will block any additional phishing emails from the attacker, and your local IT will spread the word about the attack so others don’t get caught.
If you have any feedback, questions, etc., please contact us.