Body
Overview
Cybercriminals know the best strategies for gaining access to the university’s sensitive data. In most cases, they simply manipulate a community member’s trust by posing as something they trust.
Check If a Message Has Been Reported as Phishing
You can check to see if an email you received has been reported as a scam on OIT's Email Scams page (sign in with your email address and NetID password).
Reporting a Message to Abuse
You may report an email to abuse by reporting it from your email client.
Outlook
To report an email, select the message you deem junk or phishing, then click Report Message (or Report) from the Outlook Ribbon. Then, choose either Junk or Phishing from the drop-down menu to report the offending email to Microsoft and the OIT Security Team. Screenshots for OWA (Outlook Web App, and Outlook for Mac and Windows are below.
Gmail
To report an email, select the message you deem junk or phishing, then click 
(Report spam) at the top of the message. You'll see a message that says, "Spam reported. Also, block sender?" Choose "Yes, block."
How to Spot a Phishing Scam
Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and an offer that seems impossibly good? Click that delete button.
Verify the sender. Check the sender’s e-mail address to make sure it is legitimate. If it appears that the OIT HelpDesk is asking you to click on a link to increase your mailbox quota, and the sender is “UniversityHelpDesk@yahoo.com,” it is a phishing message.
Don’t be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don’t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
Never, ever share your password. Did we say never? Yup, we mean never. Your password is the key to your identity, your data, and your classmate's and colleague's data. It is for your eyes only. OIT will never ask you for your password.
Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Do not open attachments unless you are expecting a file from someone. Give them a call if you are suspicious.
When you’re not sure, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the UT Chancellor or UT President. Cybercriminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in your institution’s directory to confirm the request.
Phishing isn’t relegated to just e-mail! Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
Don’t talk to strangers! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the OIT HelpDesk at (865) 974-9900.
Don’t be tempted by abandoned flash drives. Cybercriminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary — it could be a trap.