The University of Utah's Independent Student Voice

The Daily Utah Chronicle

The University of Utah's Independent Student Voice

The Daily Utah Chronicle

The University of Utah's Independent Student Voice

The Daily Utah Chronicle

Write for Us
Want your voice to be heard? Submit a letter to the editor, send us an op-ed pitch or check out our open positions for the chance to be published by the Daily Utah Chronicle.
Print Issues
Write for Us
Want your voice to be heard? Submit a letter to the editor, send us an op-ed pitch or check out our open positions for the chance to be published by the Daily Utah Chronicle.

UIT’s Efforts to Stop Phishing at the U

Phishing is a common email scam that could not only affect individual students, but the university as a whole. The U is taking many steps to combat and prevent these attacks.
Brenda Payan Medina
(Design by Brenda Payan Medina | The Daily Utah Chronicle)


As University of Utah students, there are many ways to be vigilant against outsiders who try to steal sensitive information in an online scam called phishing.

Phishing, as defined by the Federal Trade Commission, is “a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. Then a scammer uses the information to open new accounts, or invade the consumer’s existing accounts.”

Trevor Long, director for governance, risk and compliance in the Information Security Office at the U, said that on top of the email scam, which is most common, there is also “smishing” (SMS and text message attacks), as well as “vishing” (voice and phone attacks).

Chris Dansie, academic director of cybersecurity management for the David Eccles School of Business, said the U may be targeted because attackers want to gain access to the university system.

Dansie added this scam happens more often than most people realize.

He said at the U, there are considerable efforts to stop those emails from reaching inboxes in the first place, but there are some that slip through.

To help combat this issue, the university has been sending out simulated phishing tests to students, staff and faculty to bring awareness to the issue and help people identify what a phishing message can look like.

Long said if someone fails the test, they are given feedback about what they missed and how to do better in the future.

“Users that are deceived by U phish simulation exercises receive immediate feedback explaining the tell-tale signs in the simulated phish,” he said. “They are also enrolled in a brief online training that provides additional information on spotting and reporting phishes.”

According to the press release about these initiatives, “IT security breaches can also harm the U’s finances and reputation, and the privacy of U students, patients, faculty, and staff.”

A sneaky way the hackers try to gain access to operating systems can be through a corrupted file attachment, Dansie said.

“When you double click it, it’ll infect your computer; it could apply ransomware to it or it could just infect it so the attacker can log on remotely and you don’t even know it,” he said.

Both Dansie and Long stressed the importance of being diligent and reporting any emails that seem suspicious. The sooner a student, faculty or staff member reports a potential phish, UIT can review the email and even take the same email out of other’s inboxes.

You can report an email by using the Phish Alert Button in UMail or by forwarding the message as an attachment to [email protected].

In addition to these simulated tests, the University also has a resource called the Phish Tank, which has more information on common phishing tactics and red flags to look out for.

According to the Phish Tank, a few things to look for when determining if an email is a scam are if:

  1. The email comes in outside of normal working hours or late at night
  2. The email is sent to a group of people you don’t know
  3. The message has a tone of urgency and asks to verify an account
  4. There are general misspellings in the text and in hyperlinks
  5. The sender is someone you don’t know or is outside of your organization

Long’s advice to students who deal with this issue at the U is to know that everyone gets these types of messages and to be vigilant.

“The key is to not respond to the bait, which is often designed to trigger a strong emotion-based response,” he said. “Report suspected phish that you receive in UMail to the U’s Information Security Office to protect yourself and others. Never assume that a phish you receive only affects you. By reporting phishing, you just might save the U from a cyber-security incident.”

He added that students shouldn’t second-guess themselves when it comes to phishing.

“If you have even the smallest inkling that an email you get in your UMail account is a phish, report it,” he said.

Dansie finished by saying that technology is not always failproof, and there will be some phishing emails that get through the U’s filters. That is when “we rely on the humans to be able to detect phishing emails, delete them — or even better — record them, to take them out of your inbox.”


[email protected]


Leave a Comment
About the Contributors
Allison Stuart
Allison Stuart, News Writer
Allison is a senior at the U and has been writing for the Chronicle since the fall of 2021. Her interests include reading biographies, working out, singing and organizing. She is studying communication with an emphasis in journalism at the University of Utah.
Brenda Payan Medina
Brenda Payan Medina, Copy Director, Design Contributor
Brenda is a rising senior close to finishing her materials science and engineering degree. She has spent most of her life in Utah, and enjoys editing for the Chronicle because she gets to learn about different events and people within the community that she would not otherwise have known about.

Comments (0)

The Daily Utah Chronicle welcomes comments from our community. However, the Daily Utah Chronicle reserves the right to accept or deny user comments. A comment may be denied or removed if any of its content meets one or more of the following criteria: obscenity, profanity, racism, sexism, or hateful content; threats or encouragement of violent or illegal behavior; excessively long, off-topic or repetitive content; the use of threatening language or personal attacks against Chronicle members; posts violating copyright or trademark law; and advertisement or promotion of products, services, entities or individuals. Users who habitually post comments that must be removed may be blocked from commenting. In the case of duplicate or near-identical comments by the same user, only the first submission will be accepted. This includes comments posted across multiple articles. You can read more about our comment policy here.
All The Daily Utah Chronicle Picks Reader Picks Sort: Newest

Your email address will not be published. Required fields are marked *