Phishing scams continue to target University email accounts.
Everyone needs to be on the lookout for suspicious emails asking for
username and password information. It only takes one or two people to
fall victim to a phishing scam to negatively affect the delivery of EIU
email.
Quick Tips
Never respond to an email asking for password information
Check the URL before clicking on odd looking messages to make sure it's really .eiu.edu
Always make sure the URL ends with a .eiu.edu.
If in doubt, call 581-HELP for advice.
Video by Jake Tobin,Geoff Lawson, Skylar Merritt, and Garrett Mulroney from Cabrillo College
What are Phishing Scams?
Phishing is email fraud in which someone sends legitimate looking emails that appear to come from a well-known and trustworthy web site in an attempt to gather
personal and financial information from a recipient. Remember
ITS will never request your password, nor will we ask you to change or
"validate" your password at a site other than http://www.ezreset.eiu.edu.
If you receive a message that asks for your EIU password, it is a
fraudulent email.
To better understand phishing scams, take a look at the Phishing cartoon on the Security Cartoon website.
How to Identify Phishing Scams
Here are a few questions to ask to help idenitfy phishing scams:
Have I given this person/company my email address before?
If not, there is a good chance this is a phishing scam!
Is the TO: line address to a large number of people or undisclosed-recipients?
Most business and organizations that you have dealt with in the past will address an email to your email address. If you receive an email asking for confidential or personal information, and the TO: address contains a large number of recipients, or is even undisclosed, this email is almost always a scam.
Is the FROM: line your own email address?
Unless you forgot your own personal information and need to ask yourself, this is a scam.
Is there an attachment you were not expecting?
Almost all attachments sent by people or organizations you do not know contain viruses that can steal your personal information.
Does the link in the email look valid?
It is often difficult for the average person to tell if a link an email is valid. Phishing scams often try to mask a URL to trick you into thinking it is valid. However, there are a few simple steps you can take to determine the validity of a link. The easiest thing to do is to place the mouse cursor of the link for a few seconds. This will cause a small window to open showing the REAL address the link wants you to visit.
Carnegie Mellon University has developed a fun, simple way to learn about fake URLs with an online interactive game.
What do phishing scams look like?
Phishing scams come in all forms, the most commonly received by EIU faculty, staff and students are email messages warning that there is a problem with their email account or with the email server. These messages attempt to scare the user into responding, either in email or by visitng a web page, to giving up username and password information.
To help you identify phishing scams, please take a look at a few examples of actual phsihing scams sent to EIU email accounts:
If you are not expecting the email, delete the email. Do not open it. Do not reply. Do not click
on any images or links in the email message. If you suspect that the email might be legitimate or are worried about your email account, call the ITS Service Desk at 581-HELP.
It is also helpful to learn to recognize fake URLs that
were created for phishing purposes. Carnegie Mellon University and
Wombat Security Technologies have developed a fun, simple way to learn
about fake URLs with an online interactive game.
If you are unsure if an email is legitimate, remember to ask yourself the questions listed above to help identify phishing scams.
How Can You Report Phishing Scams?
If you receive an email that is asking for your EIU username and password, please contact the ITS Help/Service Desk.
In addition, there is a government web site where you can report phishing scams. This site collects information and attempts to build cases against these scammers. You can report phishing scams to the government by visiting this FTC site.
Where Can You Find More Informatinon?
Visit OnGuardOnline.gov
for practical tips from the government and the IT
industry to help you be on guard against Internet fraud, secure your
computer, and protect your personal information.
To learn more about
identity theft and how to deter, detect, and defend against it, visit
the FTC's Identity Theft website.