True Stories: Beware of Phishing & Email Scams + Cybersecurity Quiz
To celebrate National Cyber Security Awareness Month (NCSAM), UIC Technology Solutions develops a unique campaign each year to promote cybersecurity. This year’s campaign, True Stories, features real scam attempts at UIC. Week 1 covers phishing, a type of email scam students may come across.
Email & Phishing Scams
A common email scam you may come across is known as “phishing.” Scammers send emails aimed at tricking you into thinking they are legitimate. They can appear to be from a business, classmate, professor, even the University! Their goal is to get you to open an attachment, or click on a link to a fake website and enter sensitive information like your login and password.
As soon as you click on a phishing email link or attachment, your personal information and data are at stake! Scammers can use information you give them to access your email, bank, or other accounts. Opening an attachment can install malware, a type of software that is capable of destroying data and stealing information.
Phishing is a type of email scam where the sender wants you to click on a link and enter sensitive information on a fake website or open a malicious file attachment.
The UIC Information Security team works diligently to mitigate and prevent cyberattacks, but some can occasionally slip through defenses. Below are some of the scams our team and community have encountered:
- Account Cancellation
This scam claims you’ve requested that an account be cancelled. It can be a UIC account, bank account, user account, etc. Scammers claim you need to log in to reverse the cancellation request, and send you a link to click on. In reality, the information you provide to log in to the fake site is captured and used by the attacker to log in to the real site and do damage.
- Password Reset
This is a common scam email stating you have requested a password reset. Chances are you did not, so you may be alarmed and quickly click on the link without much thought.
- Shipping Notifications/Order Cancellations
These emails can be hard to detect as scammers will mimic real email notifications sent by companies such as Amazon, FedEx and UPS, to make you think they are legitimate. Be sure to hover over links and see what URL they actually redirect to.
- “Urgent” Request
Scammers pose as a classmate or UIC employee claiming they have an emergency and need you to purchase a gift card or transfer money. They use urgent language and are not available to talk on the phone but need an urgent favor or request handled immediately. Don’t be fooled or rushed into anything.
- Open an “important” attachment or voicemail
Scammers will use spoofing technology and send emails posing as members of the UIC Community with the goal of getting you to open an “important attachment” or a link to a “voicemail message”. Be careful! Opening attachments can install malware, and voicemail links redirect to fake pages prompting you to enter login credentials.
- Unemployment or Financial Updates
There’s been an increase in unemployment and financial aid scams. Be wary of emails with attachments stating there’s been an update on a claim, status, or request – especially if you did not file one! Attachment examples include an unemployment claim update, financial aid, reimbursement status, tax refund status, paycheck or other document that preys on your curiosity.
Protect Yourself from Phishing
Those are just a few examples of phishing scams we’ve encountered but cybercriminals are getting more creative every day! Follow these tips to recognize phishing and email scams.
- Slow down & think
Phishing emails prey on emotions such as fear and curiosity, and hope to catch you off guard. Stop and think before opening an attachment or clicking on a link and entering your sensitive information on an unfamiliar website.
- Always make sure the emails are legitimate
Cybercriminals can use spoofing technology to mimic email addresses so they can actually appear to come from a “@uic.edu” address. They will usually ask that you reply to an alternate email address.
- Hover over links
Instead of clicking, first hover your cursor over any hyperlinks or URLs to see where they actually go. If you are in doubt, contact the person or organization who appears to be sending you the information to confirm they did send it.
- Trust your security features
Many email services, anti-virus software, and even cellular providers have various types of “anti-scam” security that may warn you regarding potential scams. Take these warnings seriously and consider them carefully before taking any actions.
- Don’t use an untrusted device
If you find a USB stick, random disc, or any other type of media storage, do not attempt to use it! It could easily be filled with malicious software that will launch without your knowledge when you plug it into your device. The same goes for charging cables for your phone or laptop received from untrusted sources.
- When in doubt
If you are ever in doubt, please forward any suspicious emails to firstname.lastname@example.org.
Entered your credentials on a suspicious site?
- Change your password immediately by going to the UIC Help Center (help.uic.edu) and selecting Reset Password, or by going directly to the NetID Center.
- If the scam involved the loss of money or property, contact the UIC police (police.uic.edu).
- Email email@example.com and explain what occurred. The UIC Security team will monitor your accounts and ensure no suspicious activity is taking place.