Phishing is a scam that uses targeted email or pop-up messages to deceive consumers into disclosing personal information including credit card or bank account info, Social Security numbers, and passwords. 

These email scams convey a sense of urgency and claim to be from a business or organization that you may be involved with at work or school. Phishing attempts often impersonate various types of UMB communications.

UMB will NEVER ask you for your username or password. UMB Will also never request you visit a website to verify your account information. The messages warn of a variety of account problems:

• Compromised accounts are being restricted
• Account deletion is being conducted in preparation for a system upgrade
• Unused accounts are being deleted
• Mailbox storage limit has been reached
• Accounts are being migrated to a new system
• A maintenance process to fight spam is being conducted 

These emails request that you visit a link to verify your account or reply to the message with your personal information, username, or passwords.

Spam is unsolicited junk email, normally with advertising content. This bulk email is usually sent to a list gathered by legal or illegal means from subscribers to a website distribution list. Attending a conference, joining mailing lists, and submitting your email into raffles can inadvertently add you to distribution lists, also known as graymail.

• Never agree to receive postings about products or interests.
• Never reply to unsolicited email with a "remove" request, or click an "unsubscribe" link, as this only validates to a spammer or "list broker" that your address is current.
• Do not give personal information to an unprotected online service's member directory.
• Set anti-spam filters with your mail program
  • If you receive multiple and continuous SPAM messages from a specific email address or domain, you may want to add those email addresses to your Blocked Senders list manually. (Instructions on how to block an email address in Outlook client software| Instructions on how to block an email address in Outlook on the web).  Please note that spammers will often change the email address they are using to send SPAM or spoof the email address they are using.  As a result, adding an email address to your ‘Blocked Senders list’ may not always stop future SPAM.
• Use separate accounts for personal use.
• Do not resend chain letters, requests or dubious virus alerts.
• Do not follow links in emails from unknown senders.

• Click the “Phish Alert” button located within your Microsoft Office Outlook clients.
• You will be prompted with “Are you sure you want to report this email as a phishing email?”
• Confirm by click the “Phish Alert” button. This button sends the suspicious email to the security operations department for further review and deletes the email from your inbox.

These characteristics should be considered signs of a phishing message:

• Request for username and passwords. No one at UMB will send an email asking for your username and password.
• Fraudulent job postings or announcements. Be extra cautious of job announcements coming from a sender's personal email address.
• Unusual or strange purchase requests. Only open or click on information that you are expecting to receive from individuals.
• References to support staff. Ensure you know your support staff and only work with those you are accustomed to.
• Obvious spelling mistakes and bad grammar. Emails sent from UMB departments and offices are almost always reviewed and spell-checked prior to distribution.
• Unfamiliar links in the body of the email. Don’t click – hover to check the actual web address.
• Attachments that are “.exe” or “.zip” files.Opening these can launch and spread malicious software.
• Unknown sender,or an email from an unsolicited source. If you are not expecting messages from someone always review with caution. If unsure, reach out to your support staff.
• Storage Space/account threats or urgent messages waiting. Look up the sender in the UMB directory (not a number provided in the email) and call to confirm or contact your local support staff.