Classify Your Data          Passwords          Phishing          Social Media Safety          Contact

Avoid becoming a victim of one of the most common online identity theft scams.

What is phishing?

Phishing is a technique identity thieves use to steal your personal information, usually passwords or financial information. Like a fisherman using a lure to hook a fish, identity thieves try to lure you into giving up personal information by making what looks like a legitimate request from an organization you trust. These might look like they are from a bank, credit card company, or even the University. Unfortunately, phishing scams can be highly effective.

Want to know if the University of Illinois really sent you that email? Call the Technology Services Help Desk at 217-244-7000 and ask!

Rules of Thumb

To avoid being phished, follow these rules of thumb:

  • Keep your password private.
  • Only click on or download email attachments from people or companies you know.
  • Type the links of official companies (University of Illinois, Chase Bank, etc.) directly into a browser to get to the official site.
  • Read carefully. If an email has a lot of misspelled words and really bad grammar, it’s probably a scam.
  • Strangers don’t send millions of dollars to random people on the internet (i.e., you).

Dissecting a phishing email

Phishing is often very easy to spot.

Phishing emails are often completely out-of-the-blue emails that ask you to click on a link and enter your password, may have a lot of misspelled words, or want you to download an attached picture, Word document, or PDF.

See an example of a phishing email:

It’s probably a phishing scam if:

  • The email is completely out of the blue and sounds like you’ve been having a conversation with them this whole time.
    • You remember when you purchased something or talked to someone. The scammer hopes you don’t remember.
  • The email asks you to “update your account” by clicking on a form and entering your password, credit card number, or account number.
    • Banks, stores, credit cards, and the University of Illinois will never ask you for sensitive information (passwords, account numbers, credit card numbers, etc.) over email.
  • The sender’s email address is the name of a legitimate company + common email provider. Example:
    • Banks have their own domains. They don’t send emails from common email providers like or
  • The email has a generic greeting like “Dear User” or “Dear Most Honorable Friend and Confidante.”
    • Legitimate companies personalize their greetings to their customers. They know your name. Most scammers don’t know your name (that’s one of the things they’re trying to learn!).
  • There are misspelled words and bad grammar.
    • Scammers tend to be lazy. They don’t take time to proofread.
  • A few words are turned into a link instead of a big, long web address.
    • By turning phrases or words into hyperlinks, it’s easy to make links look safe when they’re really taking you somewhere dangerous. Hover your cursor over the link without clicking it to see where it’s really taking you.

How to Respond

Delete phishing emails immediately. You can also report phishing phone calls and emails: