University of Illinois System

Image of credit card with hook. Text saying, "Be aware phishing attacks can happen any time. This has been a drill by Dr. Bailey's NSRG and Technology Services." 

Phishing Awareness Drill:


Phishing, a form of social engineering, is a problem for all organizations and all people. It occurs when an attacker mimics an email, website, or social media message to convince unsuspecting campus community members to disclose their credentials.

Everyone is at risk including Deans, Faculty, and even IT Professionals. Technology Services has teamed up with the College of Engineering's Networking and Security Research Group managed by Dr. Bailey to study and raise awareness about phishing attacks the university receives every day*. Our goal is to give employees practice to protect valuable university assets from fraudsters.

This page provides information about the phishing drill. In an actual phishing attack, your information could be used to commit identity theft, steal paychecks, and negatively impact the university's teaching and research mission.


  • The email you received was a test written by Dr. Bailey's research group and sent from an off-campus server.
  • This was a lookalike website designed to mimic real attacks seen on campus.
  • Because this was a university-sponsored drill, no password was stolen and your password does not need to be changed.
  • Phishing and compromised accounts are a major risk to campus operations and research.

*This drill was carried out with approval from the Chief Information Security Officer Joe Barnes. The research was led by Dr. Michael Bailey and was approved by the Institutional Review Board as part of project IRB #18554.

Five Tips on How to Identify a Phishing or Spoofing Email

Verify the From Address

Probably the easiest way to tell whether an email is legitimate is to hover your mouse pointer over the name in the From column. Doing so shows whether the email comes from a recognizable domain that is linked to the actual sender name. For example, if the sender’s email address combines the name of a legitimate company with a common email provider, such as uofi@hotmail.com, then it is likely a phish. In this case it was a spoofed real account, but this is still a good first step in identifying phishes.

Are the URLs legitimate?

It is best practice not to click on links. Instead, open a new window and go to the site directly rather than using the link provided in the email. If the link appears to be from the university, verify it first by contacting the sender directly or by checking the information with your local IT pro or the Technology Services helpdesk.

Request for personal information

Banks, stores, credit cards, and the University of Illinois will never ask you for sensitive information (passwords, account numbers, credit card numbers, etc.) over email. Emails that ask you to “update your account” by clicking on a form and entering your password, credit card number, or account number are likely phishing and should be deleted and reported immediately.

Urgent/Too good to be true

If an email seems too good to be true, it most likely is. Be cautious with any message offering to place money into your bank account by simply “clicking here”. Also, if the content creates any kind of urgency, such as “you must click into your account now”, it is most likely a scam and should be marked as “junk”. Any requests from the university should be verified via your local IT pro, helpdesk, or another method beyond email.

Suspicious attachments

Verify that you were expecting information from a sender before opening an attachment. Random attachments are often the vector for malware. If you are suspicious, contact the person who sent you the data via Skype, phone, or another platform to ensure they intended to send you the attachment.

Frequently Asked Questions regarding Phishing or Spoofing Email

How would I know if my University credentials were compromised?

You may not always know. Scams and malware that steal passwords are designed to be stealthy and unnoticed.

Passwords are most frequently compromised one of three ways:

  • Being tricked into giving up your credentials at a real-looking but scam website (aka phishing)
  • Malware or other compromise of your device, which installs software designed to run in the background and steal passphrases
  • Reusing University credentials on non-University websites that are then hacked, exposing all credentials

 

Who do I contact if I think my University credentials were compromised?

  • If you believe your University credentials have been compromised, you must reset your University passphrase immediately. Visit http://go.illinois.edu/password
  • Contact the Technology Services Helpdesk at consult@illinois.edu

What if my personal email account, bank account, or other accounts were compromised?

  • Immediately change your passwords for any potentially compromised accounts.
  • Contact your bank or financial advisor to let them know your accounts may be compromised and ask them to put a fraud alert on your accounts.
  • Check your bank and financial statements and credit reports regularly to identify any false charges or suspicious activity.

Do I only need to worry about Phishing attacks via email?

Phishing attacks can also occur through phone calls, texts, instant messaging, or malware on your computer which can track how you use your computer and send valuable information to identity thieves. It is important to be vigilant at all times and remain suspicious of sources that ask for your credentials and other personal information.

Doesn't Two-Factor (2FA) protect me against phishing?

The use of 2FA mitigates some of the risk and damage. However, not all services are protected by 2FA, and we are also seeing phishing attempts that compromise 2FA. The goal of 2FA is not to replace passwords but to be used together with them to add additional protections.