A phish is an attempt to trick you into giving personal information to criminals, which they can use to access bank accounts, credit cards, and health information.
Like a fisherman using a lure to hook a fish, identity thieves try to lure you into giving personal information by making what looks like a legitimate request from an organization you trust. These might look like they are from a bank, credit card company, or even the University. Unfortunately, phishing scams can be highly effective.
Email is a particularly popular tool for phishers. Phishers count on people not really taking the time to read their emails before they click on links or download attachments.
The average person gets 147 new emails per day. That’s a lot of email. To deal with the influx, many of us tend to skim each message. It’s estimated that the average office workers spends just 10-20 seconds reading individual emails.
The odds, then, are in the phisher’s favor. But if you slow down just a bit, you can spot a phish pretty quickly.
Dissecting a Phish
Phishing emails can be about anything, but they all tend to have at least one of these three things in common:
- They are out-of-the-blue emails that ask you to click on a link, reply with your password, or download a file.
The links they provide are either to unknown sites or sites that sound only partially legitimate (like techservices.illinoisuniversity.edu instead of techservices.illinois.edu).
They may have misspelled words or bad grammar.
See an example of a phishing email here: https://answers.uillinois.edu/illinois/page.php?id=48243.
Test yourself! Take this Today Show quiz and see if you can spot the phish (be sure to scroll down to the bottom of the page).
Rules of Thumb
To avoid being phished, follow these rules of thumb:
Keep your passwords private.
Only click on or download email attachments from people or companies you know.
Type the links of official companies (University of Illinois, Chase Bank, etc.) directly into a browser to get to the official site.
Read carefully. If an email has a lot of misspelled words and really bad grammar, it’s probably a scam.
Strangers don’t send millions of dollars to random people on the internet (i.e., you).
Want to know if the University of Illinois really sent you that email? Just call the Technology Services Help Desk at 217-244-7000 and ask.
If you receive a phishing email or phone call, report it to us! Follow these steps to report a phishing attempt and stop identity thieves in their tracks: https://answers.uillinois.edu/illinois/page.php?id=50007.