Ninety-one percent (91%) of all cyberattacks start with a phishing email. Identifying and reporting phishing email is a vital step in protecting the UNM Community. This page contains a list of phishing campaigns that are known to impact the University. If you get a suspicious email but don't see it listed here, DO NOT assume it is safe - there are many variants of every phish, and new ones are sent each day. When in doubt, report spam and suspected phish.
Clues to help you recognize a phishing scam:
- Requests for your username and/or password – credible institutions and organizations will not request personal information via email
- Plays on human emotions to evoke sympathy, kindness, fear, worry, anxiety, or excitement
- Vague or missing information in the “from” field or email signature
- “To” field contains multiple random email address or is alphabetized
- Time sensitive threats (e.g., your account will be closed if you do not respond immediately)
- Links that don't refer to the sender or sender's organization
- Unexpected files or downloads
Report suspected phishes to the ISPO's Information Security Operations area
To report phishing email and junk email, please use the 'Report Message' feature in LoboMail.