Phishing and Spam

UNC Asheville will never require you to log in and “verify” your account.  This is a common tactic that criminals use to attempt to get you to submit your user name and password to a website that looks like ours, but is fake.

If you are unsure about a link and want to see where the link will take you without clicking on it, you can move your mouse over the link.  The web address will then show up in the lower-left corner of the screen.  This is an easy and safe way to tell what web site a link is sending you to.  If you don’t recognize the address, don’t click on it!

As with most large organizations, the university is often the target of phishing and spam emails. The university’s Google Mail system provides both phishing and spam protection, but some spam will inevitably arrive in your Inbox. Here are a few tips to help you recognize these bogus messages:

Does the email sender’s address end in

All legitimate email coming from the university has an email address ending in If the sender’s address doesn’t end in the message is probably not legitimate.

Was the message sent by a person with a name you can identify?

E-mails sent from ITS always come from an individual with a name. We will never send emails from “generic” accounts such as “Systems Administrator”, “Your Web Team”, or some other generic entity. If you’re unsure you can always check the name of the email sender against the Campus Directory. If the person’s name does not appear in the directory or the message was sent by a “generic” entity or title it’s probably bogus.

Although ITS does have mailboxes to receive email sent to, we will never send emails from these accounts.

Does the message ask you for your account information?

ITS will never ask for your password. Not via email, over the phone, or in person. If anyone asks for your password, do not give it to them. In fact, it is against university policy to share your account information with anyone.