Phish Bowl

Ninety-one percent (91%) of all cyberattacks start with a phishing email.  Identifying and reporting phishing email is a vital step in protecting the UNM Community.  This page contains a list of phishing campaigns that are known to impact the University.  If you get a suspicious email but don't see it listed here, DO NOT assume it is safe - there are many variants of every phish, and new ones are sent each day. When in doubt, report spam and suspected phish.

Clues to help you recognize a phishing scam:

  • Requests for your username and/or password – credible institutions and organizations will not request personal information via email
  • Plays on human emotions to evoke sympathy, kindness, fear, worry, anxiety, or excitement
  • Vague or missing information in the “from” field or email signature
  • “To” field contains multiple random email address or is alphabetized
  • Time sensitive threats (e.g., your account will be closed if you do not respond immediately)
  • Links that don't refer to the sender or sender's organization
  • Unexpected files or downloads

Report suspected phishes to the ISPO's Information Security Operations area

To report phishing email and junk email, please use the 'Report Message' feature in LoboMail.


Report an Incident

If you suspect that your NetID (i.e. LoboMail account) or a computer have been compromised and you need to know what to do, please see our FAQ

Abuse Report Form

- or -

Report Message: Junk

 - or -

Report Message: Phishing

 - or - 

Help.UNM Self Service

 - or -

UNM EthicsPoint


For more information, visit our Contact Information page


Learn how to identify phishing emails.

Check out this SANS Don't Get Hooked Poster!

Don't Get Hooked 

Click to see the full size poster.

fish-bowl