Defeat Phishing Attacks
Learn the tell-tale signs of phishing emails

Cyber criminals use sophisticated methods to steal money and data. 

Examples of fraud include:

  • A fake email from your supervisor or other high-level individual asking you to purchase gift cards or demanding funds be sent to an account ASAP.
  • A change or an unexpected invoice arrives from a known vendor or a vendor states they never received payment and it must be received ASAP.
  • An email requests you to click on a link or “Sign In Here”.


  • Delete any phishing emails without clicking on any links or Reply.
  • If the email appears to be from an internal UCSF user but seems suspicious, generate a new email to the sender using the email address from UCSF’s internal directory and confirm whether they sent you the previous email.

Detect Phishing Emails:

  • Know that credible institutions and organizations will not request personal information, including usernames, passwords, banking details via email or text.
  • Recognize that time sensitive threats (e.g. your account will be closed if you do not respond immediately) are never used by legitimate organizations.
  • Be aware of the common elements of phishing emails: spelling and grammar mistakes, vague or missing information in the “from” field or email signature, or the “To” field contains multiple random email address or is alphabetized.
  • Be alert for other indications: an impersonal or awkward greeting, such as “Dear Mr. Account Holder”, unexpected files or downloads, links that don’t refer to the sender or sender’s organization, and emails about accounts that you don’t have, such as eBay or PayPal, or banks that you don’t have accounts with.


  • If you have received a phishing email or text on a UCSF supported mobile phone and mistakenly clicked on a link, contact the IT Service Desk immediately to report that your account has been compromised and change your password. UCSF IT Service Desk can be contacted at: 415-514-4100 or