Spam
Phishing
Spam and Phishing are both types of unwanted digital communications. While UAH deploys numerous tools in an attempt to filter out these messages and prevent them from reaching your inbox, no solution is perfect. It is important for you to understand the difference between a spam and phishing email and how to handle each type of message.
Spam
Spam is another term for unwanted and unsolicited messages sent in bulk via email. It is also sometimes called "junk email", "spam mail", "spam email" or simply "spam." Spam generally consists of bulk advertising for dubious products, get-rich-quick schemes, quasi-legal services, or other information about a product or service that you did not request. Spam emails are typically sent to a large number of recipients. Spam emails are typically annoying and clog up computing resources but generally aren't dangerous.
Examples of spam messages include but aren't limited to:
- Unsolicited advertisements for products or services (online services, retailers, dating sites)
- Chain emails
- Hoax virus warnings
- Get rich quick schemes ("you've won the lottery", "make money online", "buy this stock/crypto/etc.")
If you receive an email you believe to be spam in your inbox then take either of the following actions:
1. From your Gmail inbox, check the box next to the message that is spam and click the Report Spam button above the list of messages that looks like an exclamation point in a circle.
Or
2. From within the message itself, click the 3 dots in the top right corner of the message and in the drop down box that appears, click "Report spam."
Doing either of these actions reports the spam message back to Google's automated spam filters to better train it to recognize similar emails as spam in the future.
Phishing
Phishing emails attempt to acquire sensitive information such as your UAH username or password or personal details such as your banking or credit card details. Phishing emails pose as a trustworthy source such as a company you do business with or a UAH faculty member, staff member, or student. Phishing emails will often direct you to enter details by replying to the message, contacting them via a different method (different email account or text message, for example), or proceeding to a website to enter sensitive information.
Phishing emails are generally more targeted and use urgent language to attempt to create a sense of panic or fear. They may warn of consequences for not taking immediate action.
Examples of phishing messages include but aren't limited to:
- False security claims such as "your account has been hacked," "OIT security needs you to click this link," or "your computer is out of date"
- Fake job offers such as "research assistant needed," "admin assistant position," or even generic statements like "you've been hired!"
- Fake invoice with an attachment appearing to be from a legitimate vendor (sometimes even using the company logo on an attached PDF or image file)
- Fake package delivery scams attempting to get you to enter personal information because a "package is held up awaiting delivery" or "unable to deliver package"
- Gift card scams that pose as executives and attempt to get the reader to buy gift cards to online retailers and send them the serial numbers
Besides posing as legitimate sources, phishing emails tend to be urgent requests for attention to click a link or open an attachment right away.
One of the telltale signs of a phishing email is that the email address that it is from does not match who they claim to be. For example the from: says "Dr. Charles L. Karr" but when you look at the email address, it's from "DrCharlesKarr@gmail.com" instead of his UAH.edu email address.
If you receive an email you believe to be phishing in your inbox we urge you to report it as such. From within the message itself, click the 3 dots in the top right corner of the message and in the drop down box that appears, click "Report phishing."
Please note that OIT is in the process of testing a better way to report phishing emails; this method is the Phish Alert Button. If your Gmail inbox includes an image of an orange fishing hook like either of the two images below, use that button to report phishing emails instead:
or
OIT will be rolling out the Phish Alert Button to faculty and staff on campus throughout 2025 and will make announcements via email when it is deployed. For more information about how to use the Phish Alert Button, please see this Knowledge Base article.