Body
Table of Contents
What is "phishing"?
"Phishing" is a type of cyberattack and a common way for cybercriminals to steal sensitive data. These attacks typically occur through email, fake websites, text messages, or phone calls.
Phishing emails are a common tactic cybercriminals use to target unsuspecting victims. These emails may appear to come from a legitimate contact, a well-known organization, or from a program that you use every day at school or work.
However, these emails are scams designed to trick you into revealing sensitive information. If you're not careful and fail to check all of your emails carefully, you could fall victim to a phishing attack.
What are common phishing emails encountered at UIC?
Password Reset/Account Deactivation
Stay alert of emails claiming your account has been deactivated or your password needs to be reset and contain links to "cancel" or "reset passwords". The link will redirect to a fake page and prompt you to enter login credentials where criminals will record and steal them.
Job and Internship Offers
Beware of emails with enticing job or internship offers and ask you to contact an alternate email. These are typically scams with the goal to steal your sensitive information or money.
Item Giveaway
Watch out for emails that claim a valuable item is available for free. If you reply, the sender will say the item is free but you must pay a delivery fee. Once you send the funds, you will lose the money and never receive the item.
Urgent Favor From UIC “Employee”
Cybercriminals pose as university employees and will send emails requesting an urgent favor, such as help purchasing a gift card or wiring money. They promise that you will be reimbursed for the purchase and will ask you to send the funds or share the gift card numbers.
These are some examples of phishing scams but cybercriminals are constantly seeking new, creative ways and methods to deceive unsuspecting victims so be sure to remain vigilant and know how to identify phishing attempts.
How can I identify a phishing attempt?
Phishing can sometimes be difficult to identify, but there are signs you can look for to identify a phishing attempt:
Can Appear Legitimate
Phishing emails may seem legitimate and appear to come from a known contact, a well-known organization, or a program that you use every day at work or school. Inspect all emails carefully and be suspicious of emails from unknown senders.
Provide alternate email
To avoid detection, bypass security measures, and increase their control, phishing emails will often provide and instruct you to contact a different email address.
Contain Links
Phishing emails usually contain links redirecting to a fake site where you're prompted to enter sensitive information, such as logins and passwords. These fake sites can be cleverly designed to look and match real websites!
Use Generic or Urgent Language
These emails typically have grammatical errors and typos, use generic greetings like "Dear Sir" and convey a sense of urgency or threat.
Goal is to Steal Data or Money
The goal of phishing attempts is to steal money or sensitive data by deceiving, fooling, or frightening you into reacting.
Do you have examples of phishing attempts?
Below are real examples of phishing attempts encountered on campus and how to indicate a phishing attempt.