How to protect yourself against phishing
What is phishing?
Phishing is computer fraud aimed at obtaining users’ confidential data, frequently when they receive an e-mail that looks similar to an official email sent from a trusted source, inviting them to provide their access data to a confidential account, in our case the @unito.it or @edu.unito.it account.
The email often invites the user to connect to a fraudulent website, usually justifying this by referring to technical purposes, where they are then requested to insert their access credentials.
Alternatively, the user is asked to email username and password, usually together with their personal data (first name, last name, tax code, etc.).
Rules to follow
Always follow these simple guidelines:
- before putting in your credentials on a website, check the domain carefully which is the first part of the web address you are connecting to. The site must always belong to the domain unito.it.
- examples of valid domains are sito.unito.it/ and idp.unito.it/idp/Authn/UserPassword
- if you are not sure if a domain is genuine, do not put in your credentials. For any queries contact the UniTo Service Desk UniTo
- never send your password by email. Under no circumstances does the University ask you to provide your password, be it via email, telephone or otherwise. Any requests for your personal password are computer fraud.
What you should do if you think you are a victim of phishing
- If you have received a suspicious email, do not reply to it and do not click on the links in it. Report the incident by contacting the UniTo Service Desk.
- If you have already put in your credentials or given them to someone, change your password immediately. If you cannot do so, report the problem immediately by contacting the UniTo Service Desk.