This was an authorized Phishing email sent as part of The School of Dental Medicine's Security Awareness Training program.

Phishing is one of the more successful ways in which an attacker can steal your information or infect your PC. Rather than make people sit through training, we found it’s more effective to send out a “fake” phishing email to help increase customer awareness.

When some people mistakenly click on it, you instead get this gentle reminder of how to spot phony emails. We ask that if you do make it to this page, to please review the educational information below. Remember, some of these emails are trickier than others!

If you have any questions or feedback related to this exercise, please contact the SDM Help Desk (sdmhelp@buffalo.edu); 829-2056. 

What should have been clues when looking at this message?

  1. This is an external domain.  If you are unsure an email is legitimate, contact your IT support team.
  2. This is an unfamiliar domain.  Always review the destination by hovering over the link.
  3. There is no contact information for this supposed employee other than the email address in the “From” field.

What are other clues I can watch for?

  • Keep an eye out for misspelled words and poor grammar.
  • Does the message create a sense of urgency?  Phishing emails will try to get you to act quickly without thinking.
  • Is sensitive data being requested?  Never give away your credentials.

Also, per the irs.gov website: The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

What should I do if I think I've been phished?

We ask that you report phishing emails by sending the suspicious email to abuse@buffalo.edu. In your email, please remember to attach the message with its mail headers. By reporting suspicious emails you can help keep The School of Dental Medicine safer as a whole.

For more information on what to do if you receive a phishing email, please visit the UB Information Technology page, "What to Do If You Receive a Phishing Attempt." 

Why are you sending these to me?

"91% of targeted attacks involve spear-phishing emails." - TrendMicro

Spear-phishers use email to:

  • Deliver file attachments that can infect your computer with malware.
  • Entice you to click on links that take you to web sites that will infect your computer with malware just by visiting it.
  • Trick you into handing over your user credentials so that they can gain access to your network or other sites.

We're not trying to trick anyone. In fact, our goal is to minimize the number of people who click on a link from an unsolicited email. You provide a better defense against cyber criminals than any technology we have. 

Thank you for helping us keep The School of Dental Medicine safe!