NEVER email your User IDs and passwords to anybody. Legitimate organizations including MITS, your departmental IT group, Bruin Online and other UC organizations will never ask you to do this.
Never give out any personal information if you cannot verify the identity of the requestor. This goes for any type of communication – phone, email, SMS text, fax, letter, etc.
Don’t trust the FROM address on emails because it is trivial for hackers to set the FROM address to whatever they want.
Be suspicious if the FROM address does not seem to match with the message, for example, if the email is supposedly from Bruin Online, but the return address has a non-UCLA email.
Check any links by mousing over them first before clicking. The bottom of the browser or a pop-up window should show the actual website that the user will be directed to. For example mouse over the following link http://www.mednet.ucla.edu and you will see that the link is actually for http://www.library.ucla.edu.
If you have any uncertainty about whether or not emails or web sites are to be trusted, look up the contact information for the sender (don’t take it from the suspicious email or web page) and then call or email to verify. You should be able to contact any legitimate requestor through the organization’s main number.