Click Carefully

Malicious links (URLs) and attachments found in emails, text messages, social media, and pop-ups can lead you to dangerous sites, putting your data, computer, and the UTSW network at risk.

To remain secure, start with a few simple steps:

  • Examine all email sender addresses that contain an “External Mail” header.
  • Compare the sender’s name with the sender’s email address.
  • Were you expecting the email? Does it impart a sense of urgency? Verify legitimacy of questionable emails with the sender through a separate Microsoft Teams instant message, phone call, or UTSW email (not a reply). It never hurts to double check.

Beware of … 

graphic red X and circle with pointer icon over text: From Jason Scott [mailto:dsmith@company.net]

Impersonation

Impersonation emails are the most common type of email phishing scam used to target individuals. In this ploy, cybercriminals spoof a recognized name, often in one’s own organization, to initiate a dialogue that results in the sharing of personal information, login credentials, or a fraudulent financial transaction. These emails are often brief with a sense of urgency.

hyphens and symbols in URLs graphic

Hyphens and/or symbols in the URL

Cybercriminals often pair these with known brands (e.g., “amazon-#offer.com”) to lure you in. Legitimate websites don’t typically have hyphens or symbols in their URLs.

IP addresses in URLs graphic

URLs that are IP addresses

Website addresses that are entirely numbers are suspicious. Do not click this type of URL unless you are familiar with the IP address and you know exactly where the link will take you.

shortened URLs graphic

Shortened URLs

Services such as TinyURL and Bitly convert longer URLs to a URL with fewer characters. You should only click such links if you trust the sender of the link.

masked URL graphic

Masked URLs

Cybercriminals can embed malicious URLs inside legitimate-looking text, logos, and images. However, by hovering (not clicking) your mouse over these links, you can see the hidden URL and verify its integrity.

red circle with X graphic with skull and envelope icon, pointer and text: Download

Malicious Attachments

Be wary of email attachments. Cyberattackers can deliver malicious software, or malware, through infected attachments that can cripple an organization, destroying data and stealing information. The attachments can be disguised as documents, PDFs, e-files, voicemails, and much more.

Use professional antivirus software and keep it up to date.

Related Terms & Definitions

IP address
Internet Protocol address: An identifying number associated with a specific computer or computer network.
graphic of parts of URL showing outlook(subdomain).office(domain).com(top-level domain)
Anatomy of a URL
URL
Uniform Resource Locator: Indicates the location of a web resource (like a street address indicates where a person lives physically). Because of this, a URL is often referred to as a “web address.”
URLs  that are not an IP address consist of a domain and a top-level domain (e.g. “office.com” where “office” is the domain, and “com” is the top-level domain), but can be narrowed with the use of a subdomain (e.g. “outlook.office.com” where “outlook” is the subdomain).

If you doubt a URL’s authenticity, don’t click it!

Instead, immediately contact the ServiceDesk via ServiceDesk@UTSouthwestern.edu or call 214-648-7600 to report it.


Questions about security awareness?

Office of Information Security
informationsecurity@utsouthwestern.edu