Don’t Be a Victim! Learn How to Identify Phishing Messages

What is a phishing attack?

Phishing attacks use email or unsafe websites to collect personal information by posing as a trustworthy organization and asking for usernames, passwords, banking or account information, and other sensitive details that could threaten your privacy and possibly lead to identity theft.

Examples of phishing messages:

  • “The school’s webmail system is undergoing an Account Upgrade Process. You are required to reply to this email in the underlying format, Your Username and Password within the next 48 hours to ensure your account remains in the school’s webmail database.”

  • “We suspect an unauthorized activity on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

How to identify a phishing message:

  • The email has an official name like IIT Helpdesk, but it is from an unofficial email address like helpdesk@qq.com or johndoe@iit.edu (most university addresses do not contain first names and last names in this format).

  • The email is asking you to send your password.

  • The email is asking you to open an attachment or click a link and might threaten to close your account or take other action if you don’t respond.

  • The email contains spelling or grammar errors.
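The checks above can also be applied automatically to a mailbox. The following Python sketch is an added example, not part of the original page or any IIT tool; it flags the first three warning signs in a plain-text message. The official domain, the phrase lists, and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the official domain and the phrase lists below.
OFFICIAL_DOMAIN = "iit.edu"
OFFICIAL_NAMES = ("helpdesk", "support desk", "webmail")
CREDENTIAL_ASK = re.compile(r"\b(password|username)\b", re.I)
PRESSURE = re.compile(r"within the next \d+ hours|(confirm|verify) your (identity|information)", re.I)
URL_HOST = re.compile(r"https?://([^/\s:>\"']+)", re.I)

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """From: IIT Helpdesk <helpdesk@qq.com>
Subject: Account Upgrade Process

Reply with Your Username and Password within the next 48 hours
or confirm at http://iit-edu.example.net/login
"""
SAMPLE_OK = """From: OTS Support Desk <supportdesk@iit.edu>
Subject: Maintenance window

Email will be briefly unavailable on Saturday. See https://www.iit.edu/status
"""

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return the warning signs found in one plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    found = []
    # Official-sounding display name, but the address is on another domain.
    if any(n in name.lower() for n in OFFICIAL_NAMES) and not in_domain(addr.rpartition("@")[2], OFFICIAL_DOMAIN):
        found.append("official-name-unofficial-address")
    if CREDENTIAL_ASK.search(body):
        found.append("asks-for-credentials")
    if PRESSURE.search(body):
        found.append("pressure-or-verification-demand")
    # Lookalike hosts such as iit-edu.example.net fail the suffix check.
    if any(not in_domain(h, OFFICIAL_DOMAIN) for h in URL_HOST.findall(body)):
        found.append("link-outside-official-domain")
    return found

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(label, phishing_indicators(raw))
```

An empty result does not prove a message is safe: the From line can be forged, so a message that passes these checks still deserves the caution described in the rest of this page.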

Don’t be a victim!

  • Delete emails that ask you to confirm or provide personal information (passwords, credit card and bank account numbers, Social Security numbers, etc.). Legitimate companies don’t ask for this information via email.

  • Be cautious of unsolicited links & attachments, even from people you know. Just because an email message looks like it came from someone you know does not mean that it did. It is easy to make an email message look like it came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments or clicking on any links.

  • Never click on links sent in unsolicited emails; instead, type in a web/email address you know or use a search engine to find the official site.

  • Pay attention to the URL of a website. Unsafe phishing websites may look identical to a legitimate site, but the URL may use a slightly different spelling or a different domain (for example: .com vs. .net vs. .edu).

  • Install and maintain trusted anti-virus software & firewalls. Install security and other updates to keep your operating system & other software up to date.

  • Do not forward a suspicious email to anyone. If you are unsure about whether or not an email is a phishing message, please CALL the OTS Support Desk at 312.567.3375, or call the Stuart IT team at 312.906.6575.

What do you do if you think you are a victim of a phishing attack?

  • If you believe you might have revealed sensitive information, report it to the appropriate people within the organization, for example your banks, IIT’s Support Desk (supportdesk@iit.edu, 312.567.3375) or the SSB IT team (itsupport@stuart.iit.edu, 312.906.6575).

  • Using a different computer or device than the one you used when you accessed the phishing email, immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.

  • Find help at the Federal Trade Commission’s Identity Theft page: http://www.consumer.ftc.gov/features/feature-0014-identity-theft.