Tips for Avoiding Phishing, Identity Theft, and other Scams

It’s always a good idea to keep good security practices in mind. Check out some of our tips and tricks for recognizing and avoiding scams.

What is phishing?

Phishing is a technique identity thieves use to steal your personal information, usually passwords or financial information. Like a fisherman using a lure to hook a fish, identity thieves try to lure you into giving up personal information by making what looks like a legitimate request from an organization you trust. These might look like they are from a bank, credit card company, or even the University. Unfortunately, phishing scams can be highly effective.

Phishing can be very easy to spot or it can be surprisingly subtle: when you receive an email or phone call from an institution you don't do business with, it is easy to recognize the message as a scam. However, sophisticated phishing attempts use emails and phone calls that are crafted to look and sound like an official message from your bank, credit card company, or the University of Illinois.

Increasingly, phishing messages do not ask you to respond with your information by email. Instead, these messages contain links that look like they will send you to a legitimate site, but actually send you to a copy designed to steal your personal information. To be safe, do not click on links in the email; visit websites by typing the web address directly into your browser's address bar.

It is important that you learn to spot phishing attempts - no matter what they look like - to protect yourself and your personal information.

What should I do if I spot a phishing attempt?


First and foremost, do not click any links or reply to the email. In most cases, just receiving a phishing email doesn't put you in danger. When you spot a phishing email, you can simply delete it.

If you receive a phishing email claiming to be from the University of Illinois, you can simply delete it, or you can inform Tech Services by emailing (Note: your email could be returned as undeliverable if it is already recognized as spam or is a known phishing attempt. In that case you can simply delete the message.)

If you receive a phishing email in a personal email account you can report it by forwarding phishing emails to - and to the company, bank, or organization impersonated in the phishing email. You can report phishing email to the Anti-Phishing Working Group at or to the United States Computer Emergency Readiness Team (US-CERT)


It's possible to fake caller ID information, so do not trust a call just because you recognize the number. If you are not sure a phone call is legitimate, do not give out any information. You can confirm whether a phone call is legitimate by calling the organization back at a known good phone number.

Other Resources

See examples of phishing attempts targeted at the University of Illinois

Visit to see if the suspect email is on their list of known phishing scams.

Take this quiz to see if you can correctly guess whether emails are legitimate! (Quiz provided by SonicWall, an enterprise security company.)

Keywords: phishing, phish, scam, identity theft, spam, privacy, security
Doc ID: 65145
Owner: Allison P.
Group: University of Illinois - ACES
Created: 2016-07-15 10:25 CDT
Updated: 2017-03-01 17:10 CDT
Sites: University of Illinois - ACES