Phishing Emails: How to Recognize and Protect Yourself from Online Scams

Phishing Emails

Phishing emails are a form of social engineering that impersonates known organizations or people to try to trick recipients into divulging sensitive information or downloading malware. Phishing emails can target people’s personal email address as well as their work email address.

Phishing attacks will try to manipulate you into doing what the attacker wants.  They may try to do the following:

  • Intrigue their audience with the subject matter
  • Threaten, build a sense of urgency, curiosity, or otherwise invoke an emotion in the audience
  • Impersonate the University, staff, students, email addresses, web addresses, authority figures, government agencies, vendors, etc.
  • Copy the University’s or a vendor’s logo from an official website and add it to their emails to build credibility
  • These emails will try to get you to click on a link that may take you to an official-looking site that may then prompt you to enter your credentials or personal information
  • Entering your credentials or personal information gives the attacker that information
  • Clicking on a link may take you to a site that downloads malware to your computer in the background, so you don’t see it happening.
  • Everything in an email that is clickable can be, and usually is, weaponized in a phishing email, even the unsubscribe link
  • Phishing emails will sometimes have an attachment; opening the attachment can launch malware
  • One common type of phishing email with an attachment will claim that there is a resume attached, but it will launch malware when someone attempts to open it
  • Sometimes the attachment contains contact information and instructions to reply using your personal email address or phone number, which is a way for them to bypass our email security protection tools

 

To identify potential phishing attacks, consider the following questions:

  • Do you know the sender or caller?
    • Watch for unknown contacts requesting personal information or urgent action
  • Were you expecting this communication?
    • Watch for unexpected emails, especially those requesting sensitive information; these are a red flag
  • Does the email create a sense of urgency or fear?
    • Watch for attempts to play on an emotion, maybe by threatening something, or raising a level of curiosity
  • Is the email offer unbelievable or too good to be true?
    • Beware of unique opportunities for a job, research study, or to purchase a product
  • Are there discrepancies in contact details?
    • Watch for slight variations in email addresses that mimic legitimate ones, or emails that ask you to reply using a different email address than the one the email is from
  • Are you being asked to share personal or sensitive information?
    • Never share information with someone you don’t know. Your social security number, credit card information, and passwords should never be shared in email; email is not a secure way to share sensitive information.
  • Are you being asked to click on links or open attachments?
    • Watch for unexpected emails or texts trying to persuade you to click on links or open attachments
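
The "discrepancies in contact details" check above can also be automated for a mail triage script. The following Python is an added example, not part of the original page or any UIC tool: it flags a sender domain that is a near-miss spelling of a trusted one and a Reply-To domain that differs from the sender's. The trusted domain `university.example`, the function names, and both sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"university.example"}  # assumption: the organization's real domain(s)

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def contact_discrepancies(raw_message):
    """List the contact-detail red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])  # header is absent on most normal mail
    flags = []
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    for trusted in TRUSTED_DOMAINS:
        if from_dom != trusted and 0 < edit_distance(from_dom, trusted) <= 2:
            flags.append(f"sender domain {from_dom} closely resembles {trusted}")
    return flags

# Constructed sample messages (not real mail); .example is a reserved TLD.
SUSPICIOUS = """From: IT Help Desk <helpdesk@univers1ty.example>
Reply-To: helpdesk.support@mailbox.example
Subject: Action required: password expires today

Please reply with your details.
"""
LEGITIMATE = """From: IT Help Desk <helpdesk@university.example>
Subject: Scheduled maintenance window

No action is needed.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, contact_discrepancies(raw))
```

A clean result does not prove a message is safe; it only means these two header checks found nothing, so the other questions in the list still apply.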

Verify Requests Independently

  • Contact the supposed sender through known good contact information to validate that they sent the email
    • For example, look up someone’s UIC email address or phone number to contact them to verify the message
  • If the email is unexpected, from an unknown sender, and unrelated to you or your work, consider just deleting the email
  • When in doubt, you may always send the message to security@uic.edu for advice