Academic Computing and Communications Center (ACCC)
 

Phishing Email FAQ

     
 
     
What does a phishing attack look like?
 

We're getting ahead of ourselves, but look below for examples! :)

 
     
What is fishing, err... phishing, email anyway?
 

Phishing is the term used to refer to email that is sent to you by someone trying to get information from you. That is, they are fishing for information.

 
     
Why the 'ph' instead of 'f' in phishing?
 

It sounds cooler and more hacker-like.

 
     
What kind of information are they phishing for?
 

Phishers are often looking for account credentials -- user names and passwords. You might also see them trying to get your banking information, a credit card, or your identity information. They could really try to trick you out of anything!

 
     
Do they ever try to phish my UIC credentials?
 

I'm glad you asked! Yes, they do!

 
     
Does anyone ever fall for these phishing attacks?
 

Unfortunately, people do. :(

 
     
What happens when someone falls for a phishing attack?
 

Well, when you send your UIC credentials to a bad guy (or girl, there's no monopoly on bad here), the bad guy can do anything with it that you could.

  • Read your email.
  • Send email as you.
  • See your secrets in email.
  • Make people mad at you in email.
  • Send out lots of spam from your email.
  • Try to trick other people into sending their credentials.
  • Change your classes...
  • And more!
 
     
What would happen to my UIC account if it got stolen?
 

ACCC has monitors that look for stolen accounts. When the monitors detect a stolen account, they suspend the account, and it can sometimes be difficult to get it reactivated.

Also, it's pretty inconvenient to have your account taken away when you are waiting for that very important piece of email that will change your life!

 
     
How can I recognize phishing email?
 

Phishing email tends to sound threatening and demands that you "confirm" your credentials or something bad will happen (you will lose your account).

 
     
Any other things I can look for?
 

Often the From: email address and the Reply-To: email address in a phishing email are different. This means that if you click Reply to answer one of these emails, you will see it addressed to some random, weird-looking email address and not something legitimate like security@uic.edu or systems@uic.edu.

 
     
Where can I find more information about phishing?
 

The Wikipedia entry on Phishing is a good source.

 
     
Where can I find samples of phishing email?
 

We're glad you asked! We will try to add to the list below as we find them. Please check out the emails below for your education and to enjoy the bad grammar.

When you receive a message asking you for personal information, the first thing you should do is look at the:

  1. From: email address
  2. Reply-To: address
  3. The actual URL for any Web links

An email message that is supposed to come from an official at UIC, for example, would use a uic.edu or maybe a uillinois.edu email address; certainly not Gmail or Yahoo or another off-campus email address. Any of these three things being off campus is a dead giveaway for phishing.

Not to mention that the ACCC would not ask for your netid and password in an email message. Ever.
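The three checks above can also be run mechanically on a message that claims to come from UIC. The following is an added example, not ACCC code: the function names and the sample message are constructed, and the campus domain list assumes only the two domains named in this FAQ. A forged From: can still look on-campus, which is why the Reply-To: and link checks matter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the on-campus domains are the two the FAQ names.
CAMPUS_DOMAINS = ("uic.edu", "uillinois.edu")

def on_campus(host):
    """True for a campus domain or a subdomain of one (suffix match on a dot)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CAMPUS_DOMAINS)

def addr_domain(header_value):
    """Domain of the address in a From:/Reply-To: header, '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_signs(raw_message):
    """List the FAQ's warning signs found in one plain-text message."""
    msg = message_from_string(raw_message)
    from_dom = addr_domain(msg["From"])
    reply_dom = addr_domain(msg["Reply-To"])
    signs = []
    if not on_campus(from_dom):
        signs.append(f"From: is off campus ({from_dom})")
    if reply_dom and reply_dom != from_dom:
        signs.append(f"Reply-To: ({reply_dom}) differs from From: ({from_dom})")
    if reply_dom and not on_campus(reply_dom):
        signs.append(f"Reply-To: is off campus ({reply_dom})")
    body = msg.get_payload()
    body = body if isinstance(body, str) else ""  # multipart not handled here
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not on_campus(host):
            signs.append(f"link is off campus ({host})")
    return signs

# Constructed sample: campus-looking From:, off-campus Reply-To:, lookalike link host.
SAMPLE = """\
From: "UIC Webmail Team" <helpdesk@uic.edu>
Reply-To: verify.team@example.net
Subject: Confirm your account

Confirm your netid at http://uic.edu.account-verify.example/login today.
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print(sign)
```

The link host in the sample starts with uic.edu but does not end with it, so it is reported as off campus; only the end of the host name counts.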

Now for some examples.

This one tells you to update your software. It looks very, very real, but it isn't. (You should update Adobe Reader regularly, but use the Help > Check for Updates function in the Reader software itself.) Hints why this is very nasty phishing:

  • Always beware of software downloads that aren't from a site in their domain, which, in this case, would be adobe.com. Adobe would not use adobe-2001-download.com!
  • It's "copyright" not "copy right". Any company would know that!
  • And, I just installed the newest Adobe Acrobat Reader on a new Windows machine, and the version I got from Adobe was called Adobe Reader X, not Adobe Reader 2001.

    Be very careful!

And these are the more common types, trying to get you to give up personal information:

 
     
Want to try out your skills? Take a phishing email test.
 

There are many of them on the Web. SonicWALL has a good one:

SonicWall Phishing and Spam IQ Quiz

Note that the email program used in this quiz is set up only to display the names in the header email address and doesn't show the Reply-To: email address. If yours is set up this way, it is very important that you change it. And if you can't, you should always look at the long headers of any email message.

 


2012-5-7  security@uic.edu