2. Do not reply!
Never send any reply to a phishing scam. Do not attempt to question its authenticity (any attacker will naturally assure you that the message is genuine) or try to "bait" the attacker with false details. OUCS does not see the content of any emails, merely that correspondence was sent. We must therefore treat any reply to a known phishing scam as though it contains the sending user's login credentials and will have no choice but to temporarily disable access to your account, for your own protection.