What is phishing?
Phishing is a technique identity thieves use to steal your personal
information, usually passwords or financial information. Like a
fisherman using a lure to hook a fish, identity thieves try to lure you
into giving up personal information by making what looks like a
legitimate request from an organization you trust. These might look like
they are from a bank, credit card company, or even the University.
Unfortunately, phishing scams can be highly effective.
Phishing can be very easy to spot or it can be surprisingly subtle:
when you receive an email or phone call from an institution you don't do
business with, it is easy to recognize the message as a scam. However,
sophisticated phishing attempts use emails and phone calls that are
crafted to look and sound like an official message from your bank,
credit card company, or the University of Illinois.
Increasingly, phishing messages do not ask you to respond with
your information by email. Instead, these messages have links that look
like they will send you to a legitimate site, but instead send you to a
copy designed to steal your personal information. To be safe, do not
click on links in the email; visit websites by typing the web address
directly into your browser's address bar.
It is important that you learn to spot phishing attempts - no matter
what they look like - to protect yourself and your personal information.
What should I do if I spot a phishing attempt?
First and foremost, do not click any links or reply to the email. In
most cases, just receiving a phishing email doesn't put you in danger.
When you spot a phishing email, you can simply delete it.
If you receive a phishing email claiming to be from the University of Illinois or a staff/faculty member,
you can simply delete it, or you can inform Tech Services by forwarding it as an attachment to email@example.com. Their system looks at the message and determines whether it's spam, and then adjusts to keep it from spreading to other people's email accounts. Here's how to forward an email as an attachment.
If you receive a phishing email in a personal email account, you can report it by forwarding it to the FTC's consumer-facing address - firstname.lastname@example.org -
and to the company, bank, or organization impersonated in the phishing email.
You can report phishing email sent to your personal account to the Anti-Phishing Working Group
at email@example.com or to the United States Computer Emergency Readiness Team (US-CERT)
It is possible to fake caller ID information, so do not trust a call just
because you recognize the number. If you are not sure a phone call is
legitimate, do not give out any information. You can confirm
whether a phone call is legitimate by calling the organization back at a
known good phone number.
Read through Tech Services' "How to Spot Phishing" guide: http://techservices.illinois.edu/security/phishing
See past phishing attempts targeted at the university: http://publish.illinois.edu/phishingalerts/
Visit snopes.com to see if the suspect email is on their list of known phishing scams.
Take this quiz to see if you can correctly guess whether emails are legitimate! (Quiz provided by SonicWall, an enterprise security company.)