Phishing and Spam Email

What is Phishing?

Phishing is a scam that uses targeted email or pop-up messages to deceive consumers into disclosing personal information including credit card or bank account info, Social Security numbers, and passwords. 

These email scams convey a sense of urgency and claim to be from a business or organization that you may be involved with at work or school. Phishing attempts often impersonate various types of UMB communications.

UMB will NEVER ask you for your username or password. UMB Will also never request you visit a website to verify your account information. The messages warn of a variety of account problems:

  • Compromised accounts are being restricted
  • Account deletion is being conducted in preparation for a system upgrade
  • Unused accounts are being deleted
  • Mailbox storage limit has been reached
  • Accounts are being migrated to a new system
  • A maintenance process to fight spam is being conducted 

These emails request that you visit a link to verify your account or reply to the message with your personal information, username, or passwords.

What is SPAM?

Spam is unsolicited junk email, normally with advertising content. This bulk email is usually sent to a list gathered by legal or illegal means from subscribers to a website distribution list. Attending a conference, joining mailing lists, and submitting your email into raffles can inadvertently add you to distribution lists, also known as graymail.

How to Avoid SPAM

  • Never agree to receive postings about products or interests.
  • Never reply to unsolicited email with a "remove" request, or click an "unsubscribe" link, as this only validates to a spammer or "list broker" that your address is current.
  • Do not give personal information to an unprotected online service's member directory.
  • Set anti-spam filters with your mail program
  • Use separate accounts for personal use.
  • Do not resend chain letters, requests or dubious virus alerts.
  • Do not follow links in emails from unknown senders.

Reporting Suspicious Emails

  • Click the “Phish Alert” button located within your Microsoft Office Outlook clients.
  • You will be prompted with “Are you sure you want to report this email as a phishing email?”
  • Confirm by click the “Phish Alert” button. This button sends the suspicious email to the security operations department for further review and deletes the email from your inbox.

Cannot locate the “Phish Alert” button?

Outlook Web Access (OWA) 

  1. Click the 3 dots to expand options.
  2. Click Phish Alert Buttonimage

Outlook Client MacOSX 

  1. Select the “Phish Alert Report” buttonimage

Outlook Mobile App Android 

  1. Click the 3 vertical dots
  2. Click the Phish Alert Button
  3. Confirm sending the message to Security for further reviewimage

Outlook Mobile App iOS 

  1. Click the 3 horizontal dots
  2. Click the “Phish Alert” button
  3. Confirm sending the message to Security for further reviewimage

Outlook Microsoft Windows 

  1. Click the “Phish Alert” Button
  2. Confirm sending the message to Security for further reviewimage


How to recognize phishing

These characteristics should be considered signs of a phishing message:

  • Request for username and passwords. No one at UMB will send an email asking for your username and password.
  • Fraudulent job postings or announcements. Be extra cautious of job announcements coming from a sender's personal email address.
  • Unusual or strange purchase requests. Only open or click on information that you are expecting to receive from individuals.
  • References to support staff. Ensure you know your support staff and only work with those you are accustomed to.
  • Obvious spelling mistakes and bad grammar. Emails sent from UMB departments and offices are almost always reviewed and spell-checked prior to distribution.
  • Unfamiliar links in the body of the email. Don’t click – hover to check the actual web address.
  • Attachments that are “.exe” or “.zip” files.Opening these can launch and spread malicious software.
  • Unknown sender,or an email from an unsolicited source. If you are not expecting messages from someone always review with caution. If unsure, reach out to your support staff.
  • Storage Space/account threats or urgent messages waiting. Look up the sender in the UMB directory (not a number provided in the email) and call to confirm or contact your local support staff.

Still having trouble finding the “Phish Alert” Button?