Author: Zara Odafe
Zara is a student employee with Technology Services. She is a junior at Illinois majoring in Communication.
Phishing is used to manipulate people into providing personal information via email, text messages, and malicious websites. The messages can contain advertisements, urgent mass mail messages, fake Covid-19 results, and many more misleading messages. Phishing is used to get people to send personal information in the hopes of using that information for fraudulent motives. From 2009-2017 around seven million phishing messages were submitted to PhishTank.org, a research website that tracks phishing attempts. Users from all over the world submitted their own phishing examples.
In recognition of cybersecurity month, the Cybersecurity Training and Awareness team set a goal to educate faculty, staff, and students about phishing. On October 26, a “Phish Market” was held at the Digital Computer Lab (DCL). People walking by were invited to take part in the event and expand their knowledge about phishing. Technology Services staff provided fish-related games, cybersecurity prizes, a photo booth, and leave with Technology Services merch. A few staff members dressed up in fish costumes. This event was developed to create a fun atmosphere out of a serious subject and to educate people about keeping their accounts safe and secure from phishing messages.
Glen Shere, a cybersecurity engineer, dressed up as a fish during the event, explained that the goal of phishing is to get people to give up their passwords and take over their email accounts. The people behind phishing attempts—often called social engineers s— use peoples’ accounts to access resources like academic papers, research resources, and other academic accounts that are associated with the individual’s university accounts. For example, social engineers can access people’s PayPal and Amazon accounts from data in their stolen information. Phishing can have serious consequences that can be hard to undo and even financially harmful.
Faculty, staff, or students who receive a message disguised as being from the university should delete the message or report it. Visit the UIUC Tech Help Center and select Submit a Tech Request or the Tech Services website and select Contact the Help Desk to report the questionable message. A summary of the phishing attempt can be submitted and attach a screenshot if desired.
Phishing can be more easily identified when people are informed about how it occurs and the preventive actions they can take.
Tips to Avoid Phishing Attempts
- Review official university communications archives if something appears suspicious.
- Massmail emails can be viewed at https://massmail.illinois.edu/massmailArchive.
- IT-related messages can be viewed at https://techservices.illinois.edu/it-staff-resource-guide/.
- Use the Duo Mobile app to help secure your accounts. Log in notifications received on the app should only come from the owner of the account and not another entity.
- Hover over linked text to see the URL where the link will take you before clicking.
- If you receive a suspicious email from someone, email them separately to confirm they sent the message.