Topics Map > Accounts and Passwords
Topics Map > Safety and Security
Topics Map > Communication and Collaboration > Email

Security, How to identify phishing attempts and similar scams

How can I tell if an email or social media post is a phishing attempt, a scam, or real?
There are many phishing scams circulating via email and social media sites. Most target sensitive identity, financial, and banking information or access to those things for the purpose of defrauding the recipient. Most will contain one or more of the following telltale markers:

  • Claims to be from reputable, important, or familiar entity such as employer/boss, HR department, the government (FBI, IRS, police, Homeland Security, et. al.) technical staff, Microsoft, bank, etc.
  • May contain grammatical, spelling, or stylistic errors.
  • Unsolicited.
  • Asks recipient to:
    • Verify or divulge sensitive details such as your password, PIN, tax info, credit card information SSN, banking information, or anything else that contradicts a standing university policy.
    • Connect to an unfamiliar website to interact.
    • Interact with a non-encrypted/non-SSL (http) website
    • Forward the message to all their friends, repost, or cut and paste into social media sites.
    • Update information or click a link:
      • to keep an account from expiring
      • because your account is compromised
      • you need to provide information immediately to avoid being fined, penalized, or arrested.
    • Open a strange attachment or update their computer from an attachment or link in the message.
  • The email contains concealment factors such as:
    • compressed files
    • link obfuscators (shorteners, redirectors)
      • examples: tinyurl or bit.ly
    • hidden elements
      • example: html mail with link text of https://passwords.illinois.edu, but underlying link points off campus
    • filetype concealed (double suffix, such as .docx.exe or .pdf.html)
    • obfuscated elements
  • Sender's address does not match the domain of the mail relay in the email header
    • This indicates that the "From: " address was possibly forged.

A few things to remember:

  • Sometimes popular phishing attacks and hoaxes can be verified on Snopes.
  • Legitimate email will never ask you to disclose your password or other sensitive information
  • If in doubt do not click any enclosed link, but instead call or independently go to the official website of the purported sender's company so that you can check the authenticity of the email or submit a compliant.
  • Always report suspected phishing either by utilizing the Report Spam Outlook Add-in or forwarding the email in question to security@illinois.edu

Please contact the Technology Services Help Desk if you have further questions.