PhishingLearn to identify common scams and traps.
Can I report a phishing scam?
IT Services has introduced a new, easier way to report suspicious emails from your University Outlook or Gmail inbox. This new feature, called Report Phish, allows you to report phishing or other suspicious emails with the click of a button. The Report Phish button will gather a complete copy of the reported email for automated analysis and send to the Information Security team for further action in stopping a potential phishing attack. For more information about this tool, read the Report Phish FAQ.
If you have any questions about phishing or have any other security concern, please contact firstname.lastname@example.org.
You may also report scams to the federal government at email@example.com, which collects information to build cases against phishers, or the Anti-Phishing Working Group, a volunteer organization committed to wiping out phishing scams.
What Is a Phishing Scam?
A phishing scam is a legitimate-looking email that appears to come from a well-known and trustworthy organization or website but is really an attempt to gather personal and financial information from a recipient. Although this article focuses on email scams, remember that phishing scams can come in other forms too, such as via fax.
Two Common Types of Phishing Scams
The first type of scam asks you to respond to an email with your account password or Social Security number in order to prevent immediate closure of your bank account, email account, or some other service. No reputable organization will ever send an unsolicited message requesting this kind of information. If you ever receive a message that asks you to send in your CNet password, for example, it is a fraudulent email.
The second type of scam asks you to click a link to a fake site that might somewhat resemble a site or service you actually use, and log in with your password to verify your account. UChicago IT Services will never request your password, nor will we ask you to change or “validate” your password at a site URL other than http://cnet.uchicago.edu. You should never use your CNetID to log in at a domain other than myaccount.uchicago.edu.
If you’ve responded to either of these types of scams, you’ve placed your personal information in the hands of scammers, who can misuse it.
How do I know if a message I received is a phishing attempt?
Review the simple guidelines for identifying phishing emails included below.
Be suspicious of any email with urgent requests for personal information.
Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They typically ask for information such as your username, password, credit card numbers, social security number, or date of birth. Phishing emails will are usually worded generically, although occasionally phishers will go to the trouble to personalize them to make them seem more credible. If you receive an email requesting any kind of personal information, verify the source of the request by calling the person or organization in the From field before you respond or open any attachments.
Never share passwords, personal information, or financial information over email.
You should only provide private information such as credit card numbers or account information using a secure website or telephone. Email is not a secure way to send sensitive information.Never email your password, personal information, or financial information. Likewise, because there is no way to check the security certificate of pop-up windows, do not use them to provide sensitive information even though they may look official or claim to be secure. Close pop-up windows by clicking the X in the top right corner. Do not click a Cancel button on a pop-up; it may be a trap!
Do not click links in email messages if you suspect the message might not be authentic or if you don’t know the sender.
Always verify the real target address of a link by hovering the mouse over the link before clicking it, or type the link yourself in your browser window.
Don’t trust offers that seem too good to be true.
What’s too good to be true is probably too good to be true. If you don’t remember a relative, you probably don’t stand to inherit millions of dollars from him or her. If you don’t remember entering a lottery, you probably haven’t won anything. Exercise common sense before responding.
Recent Phishing Scams
From: "President uchicago" <firstname.lastname@example.org> Date: Mon, 3 Aug 2020 13:31:54 -0400 Subject: Available: are you on campus now ? -- Best regards Robert J. Zimmer The University of Chicago 5801 South Ellis Avenue, Suite 501 Chicago, Illinois...
Subject: Assessment: July 15TH From: email@example.com Date: Wed, 15 Jul 2020 Confirm if you are free? Need you to run a quick request. Get back to me as soon as you can. Thanks Régine Desruisseaux Enuson
Email Scam (Jul 06, 2020): “Top Urgent Delivery Notification: 5 messages to firstname.lastname@example.org delayed for 48 hours”
From: email@example.com Date: 2020-07-06 00:11:24 [UTC-05:00] Subject: Top Urgent Delivery Notification: 5 messages to firstname.lastname@example.org delayed for 48 hours Message generated from uchicago.edu source. You have some pending messages Your emails on...