Vanderbilt IT speaks to University Staff Advisory Council about how to protect against phishing attacks

Masood Sidiqyar, VUIT director of security operations
Masood Sidiqyar, VUIT director of security operations

Masood Sidiqyar, VUIT’s director of security operations, spoke to members of the University Staff Advisory Council Aug. 8 about how to spot a malicious email and how to avoid becoming victims of phishing attacks.

“There’s no doubt that phishing attacks have increased dramatically in the last couple of years,” Sidiqyar said. “The more you know about how hackers create convincing emails in an effort to retrieve your personal information, the better you’ll be able to avoid clicking on malicious links and attachments.”

Sidiqyar advises reviewing best practices to protect yourself from phishing attacks by learning how to distinguish a phishing email from a legitimate email. To request that a member of VUIT speak to your individual department or group, email VUIT Security Operations at

A phish is made to look like a legitimate email, Sidiqyar said—be it from a friend, a business or even an organization. The email usually comes from a phony email address that may only be one or two characters different from the real account, or it can come from a real account that has already been compromised.

If there is ever a question about the legitimacy of an email, send all suspicious emails to VUIT’s Incident Response team at


  • Never give your ePassword to anyone.
  • Never click on links or open attachments in emails unless you verify that the sender is who he or she claims to be and acknowledges sending the email.

For additional general information about phishing and how to protect yourself, please contact VUIT Security Operations at