Security, How to identify phishing attempts and similar scams

How can I tell if an email or social media post is a phishing attempt, a scam, or real?

There are many phishing scams circulating via email and social media sites. Most target sensitive identity, financial,  and banking information or access to those things for the purpose of defrauding the recipient. Most will contain one or more of the following telltale markers:

  • Claims to be from reputable, important, or familiar entity such as employer/boss, HR department, the government (FBI, IRS, police, Homeland Security, et. al.) technical staff, Microsoft, bank, etc.
  • Unsolicited.
  • Asks recipient to:
    • Verify or divulge sensitive details such as your password, PIN, tax info, credit card information SSN, banking information, or anything else that contradicts a standing university policy.
    • Connect to an unfamiliar website to interact.
    • Interact with a non-encrypted/non-SSL (http) website
    • Forward the message to all their friends, repost, or cut and paste into social media sites.
    • Update information or click a link:
      • to keep an account from expiring
      • because your account is compromised
      • you need to provide information immediately to avoid being fined, penalized, or arrested.
    • Open a strange attachment or update their computer from an attachment or link in the message.
  • The email contains concealment factors such as:
    • compressed files
    • link obfuscators (shorteners, redirectors)
      • examples: tinyurl or bit.ly
    • hidden elements
      • example: html mail with link text of https://passwords.illinois.edu, but underlying link points off campus
    • filetype concealed (double suffix, such as .docx.exe or .pdf.html)
    • obfuscated elements
  • Sender's address does not match the domain of the mail relay in the email header
    • This indicates that the "From: " address was possibly forged.
A few things to remember:
  • Public advisories for the University of Illinois are posted on and can be validated from the Technology Services Security page: https://security.illinois.edu
  • Sometimes popular phishing attacks and hoaxes can be verified on Snopes.
  • Legitimate email will never ask you to disclose your password or other sensitive information
  • If in doubt do not click any enclosed link, but instead call or independently go to the official website of the purported sender's company so that you can check the authenticity of the email or submit a compliant.
  • Always report suspected phishing by forwarding the email in question to report-spam@illinois.edu
You can contact the Technology Services Help Desk if you have further questions.



Keywords:phishing hoax virus   Doc ID:48243
Owner:Security S.Group:University of Illinois Technology Services
Created:2015-03-04 15:29 CDTUpdated:2016-12-19 16:53 CDT
Sites:University of Illinois Technology Services
Feedback:  1   0