Cybersecurity Awareness Month: Protect yourself from phishing

October is National Cybersecurity Awareness Month, and Vanderbilt University Information Technology is sharing tips for staying safe and secure online. This article focuses on protecting yourself from phishing.

Since the creation of email, scammers have used phishing attacks to trick victims into revealing sensitive information. Phishing is when an attacker sends an email that looks and feels real but is actually designed to trick you into clicking a link or downloading an attachment to steal personal information or infect computers. In short, phishing is any email with malicious intent.

Attackers use phishing emails to steal the following:

In the early days of phishing, attackers would send very simple and direct email messages to trick users into replying with sensitive information or handing over money. While these direct email messages are still very much a tactic used today, many attackers now choose to use more sophisticated methods of phishing. Modern phishing campaigns typically include any or all of the following:

In addition to new tactics, the focus of many modern phishing campaigns also has grown to include new, more targeted attacks. Attackers have started building sophisticated campaigns that directly target specific individuals.

  • Spear phishing – a phishing campaign that is personalized to directly target a specific person.
  • Whaling – a phishing campaign that targets a group of high-profile individuals in a company.
  • Clone phishing – a phishing campaign where attackers make a copy of a legitimate email and send out an almost identical or “cloned” version that contains malicious links or attachments.
  • Vishing – a phishing campaign where attackers use phone calls or leave voice messages to trick recipients into revealing sensitive information.
  • Smishing – a phishing campaign where attackers use text messages to trick recipients into revealing sensitive information.

If I spot a phish, what can I do about it?

If you spot a phishing email, you can report it to VUIT Information Security by one of two methods:

  1. Using the Outlook email client, you can use the “Report Message” button and select phishing.
  2. If you are not using Outlook or the button is not available, you can forward the phishing email (as an attachment) to

What do I do if I clicked on (or entered credentials into) a phishing email?

  1. Reset VU and personal passwords. You can find help for this on VUIT’s Identity Management webpage.
  2. Contact VUIT Support for an anti-virus scan by calling 615-343-9999 or submitting a help request at