Tips for Avoiding Phishing, Identity Theft, and other Scams
It’s always a good idea to keep good security practices in mind. Check out some of our tips and tricks for recognizing and avoiding scams.
What is phishing?
Phishing is a technique identity thieves use to steal your personal
information, usually passwords or financial information. Like a
fisherman using a lure to hook a fish, identity thieves try to lure you
into giving up personal information by making what looks like a
legitimate request from an organization you trust. These might look like
they are from a bank, credit card company, or even the University.
Unfortunately, phishing scams can be highly effective.
Phishing can be very easy to spot or it can be surprisingly subtle:
when you receive an email or phone call from an institution you don't do
business with, it is easy to recognize the message as a scam. However,
sophisticated phishing attempts use emails and phone calls that are
crafted to look and sound like an official message from your bank,
credit card company, or the University of Illinois.
Increasingly, phishing messages do not ask for you to respond with
your information by email. Instead these messages have links that look
like they will send you to a legitimate site, but instead send you to a
copy designed to steal your personal information. To be safe do not
click on links in the email; visit websites by typing the web address
directly into your browser's address bar.
It is important that you learn to spot phishing attempts - no matter
what they look like - to protect yourself and your personal information.
What should I do if I spot a phishing attempt?
and foremost, do not click any links or reply back to the email. In
most cases, just receiving a phishing email doesn't put you in danger.
When you spot a phishing email, you can simply delete it.
receive a phishing email claiming to be from the University of Illinois,
you can simply delete it, or you can inform Tech Services by emailing email@example.com.
(Note: your email could be returned as undeliverable if it is already
recognized as spam or is a known phishing attempt. In that case you can
simply delete the message.)
If you receive a phishing email in a personal email account you can report it by forwarding phishing emails to firstname.lastname@example.org -
and to the company, bank, or organization impersonated in the phishing
email. You can report phishing email to the Anti-Phishing Working Group
at email@example.com or to the United States Computer Emergency Readiness Team (US-CERT)
possible to fake caller id information, so do not trust a call just
because you recognize the number. If you are not sure a phone call is
legitimate, do not give out any information. You can confirm
whether a phone call is legitimate by calling the organization back at a
known good phone number.
See examples of phishing attempts targeted at the University of Illinois
Visit snopes.com to see if the suspect email is on their list of known phishing scams.
Take this quiz to see if you can correctly guess whether emails are legitimate! (Quiz provided by SonicWall, an enterprise security company.)