Common Searches

Phishing and Ransomware


Phishing scams are one of the fastest growing Internet crimes. Cyber criminals use phishing messages to steal personal information such as usernames and passwords, social security numbers, or credit card numbers. They are also used to install malware on people’s systems. In a typical scam, the cyber criminal sends an email, SMS, or voice message with the intent to impersonate a person or business you know or trust. They want to instill a sense of urgency to provoke an immediate reaction or they may threaten consequences if you fail to respond. They don’t want you to think, they want you to click.

Typical phishing messages ask you to directly reply with sensitive information or have you click a link taking you to a website to collect that sensitive information. The site will usually collect username and password as well as other data like birthrate, employee ID number and Social Security Number. Or, sometimes, the site will install malware on your computer or device that grabs all data you enter into your device.

How do I recognize a phishing email?

Did the email come from the person it says it came from?

  • Phishing emails often look like they came from your boss or the IT department or a company you work with. To see who it actually came from you need to look at the real address and not the display name.
  • In many email programs on Windows and Macintosh machines you can open the message and double click on the senders name. It will show you the display name AND the actual sending address. If you get a message from your boss Tammy and the actual email is tammy@fakemail.com and NOT tammy@umsl.edu, it is most likely as scam.
    • In email programs on mobile devices, you can often press and hold on the senders name in the email to see who it came from.
  • Does the email have the red external sender banner? If so, it very well may be a scam. The red banner means it did not come from the University's email system However, we do have some areas on campus that use 3rd party webapps that may send you email with that red banner. If you do get an email with a red banner that is asking you to log into systems or reset accounts, it could very well be a scam. Look at anything with a red banner very closely

Are you expecting this email?

  • If you are not expecting the email, it might be a scam. Many of us do a variety of things throughout the day. If you get an invoice from a company that you don’t normally work with or from someone you don’t usually do business with, it may be a scam. You might need to reach out to them via your standard communication methods (IE: not the link in that email) to verify that it is real.
  • Phishing emails often try to scare you into clicking links and falling for the scam. They set a tone of urgency. They need it today, and they had to use a personal email because their work email would not work, or they want you to call them at a specific number instead of emailing them as normal. These are all tricks to get you to not think too hard about it and focus on the urgency.

What should I do if I get a phishing email or scam?

  • You can always report it to IT.
  • The best way to report these scams is by using the “Report Message” Button in Microsoft Outlook on Windows, Mac or Mobile devices. You can also forward it to abuse@umsl.edu.


  • You should NEVER click on links in the email to see if it is real. Those links could go to sites that will download and install malware or ransomware on your computer.
  • If you clicked the link, you should contact the Technology Support Center to see if they can assist you with scanning your computer for a Virus or Malware
  • If you do fall for a phishing email and enter your credentials, please visit https://password.umsystem.edu and change your password.


Ransomware is a type of malware. It infects your computer like other types of malware. This particular type of malware also takes over your files. It encrypts (scrambles) the files on your computer and any connected network drives making them unreadable you. The ransomware then pops up a window with instructions on how to pay the criminals money (ransom) to decrypt the files for you. Sometimes, if you pay the ransom, they will decrypt the files. Other times, they just keep asking for more money. It usually starts with $200 - $500 dollars but can be in the thousands.

Like all malware, ransomware is spread through malicious email attachments or by the user visiting an infected website where it is downloaded and installed. In some instances, users are directed to these sites by fake ads or links on social media. Ransomware is often not seen as malicious software by anti-virus programs as the developers are constantly modifying it.

There are some signs your system is infected even if you do not get a popup box. Your user files will have different file extensions. Examples might include: .crypto, _crypt, .toxcrypt, .magic, .SUPERCRYPT, .locky. You may also find a new text file on your computer with instructions on how to pay the ransom.

There are some things you can do to protect your computer and files.

Backup your files

  • At UMSL, the My Documents folder on your desktop is stored on a network drive (K:\ drive). That drive is backed up daily to help protect you.
  • You can also manually copy files files to a USB drive that you store remotely or to your google drive provided by the University.
  • A good backup of your files is the best protection against ransomware.

Don’t enable macros in documents you receive via email

  • Microsoft turned off macro auto run several versions ago as a security measure, but you can verify this by checking the settings in your version of Office.

Don’t open attachments in email that you are not expecting

  • If you are not expecting a FedEx package, don’t open an attachment in an email saying you have one.
  • If you have questions about an email, send it to us at abuse@umsl.edu

Keep your computer’s operating system patched and any programs like Office and Adobe Acrobat up-to-date.

If you believe your system has malware, we recommend you turn your computer off and contact the Technology Support Center at 314-516-6034.