Phishing Attack Targeting the University of Rochester

UR has seen a recent increase in phishing emails that encourage users to click on harmful links. These emails are coming from internal email addresses (i.e. and may appear legitimate.


How to Identify a Phishy Email

There are a few ways to identify these emails as phishing attempts; however, these could change at any time. When in doubt, contact the Help Desk directly. Please lookout for the following:

  • A message coming from someone you do not usually email even if it is an internal email address
  • There is no address in the “To” field
  • When you hover over a link in your email (do not click!), the web address that displays is NOT an internal address

In general, many phishing emails look legitimate so it is important to always avoid clicking any links that you have not specifically requested from a colleague.

What Should You Do?

Received a suspicious email and not sure what to do next? If you receive an email from someone, you do not usually communicate with, do not click any links or respond to the email. Instead, forward the email to


Get Educated on Phishing

For more information on phishing, visit University IT’s Phishing Education page.


Contact Information

University IT Help Desk