Phishing is the fraudulent practice of imitating a legitimate communication in order to trick individuals into giving out sensitive information such as account credentials, or in order to gain unauthorized access to a computer. Phishing scammers may send an email that appears to be from a trusted source, or may pretend to call from a reputable organization.
In recent years, phishing attempts have become more sophisticated. In order to protect yourself from phishing, you should be educated on the telltale signs of a phishing attempt. This article will provide you with information on how to identify phishing attempts, as well as what to do if you believe you have fallen victim to one of these scams.
Here are some tips to follow
Never send your password in email!
Illinois State University will NEVER ask for your password.
Some phishing emails ask you to “verify your account” by replying with your user name (ULID) and password. In reality, if you send your password in email, you are giving it to the phishing scammers.
Be cautious when asked to log in with your ULID and password.
Be suspicious of emails that ask you to “log in” to verify your account.
Some phishing emails include links to the website where you are asked to log in. The idea is that by logging in, you are “verifying your account” so that you don’t lose it. In reality, the website is a fake, just like the email. It might even look like a real Illinois State website, but when you “log in” you are really sending your ULID and password to
the phishing scam artists.
Phishing scammers rely on deception and oftentimes a fake sense of urgency to trick you into compromising your own account. Educating yourself on the tricks commonly employed by phishing scammers will help you avoid falling victim to them. The following articles serve as guidelines for what to look for when you believe something may be a phishing attempt:
- How to Avoid Phishing Scams and Phone Scams and Identity Theft
- How to Protect Yourself Online
- How to Recognize Phishing Emails
If You Believe You Are a Victim of Phishing, Do The Following…
If you believe you may have been a victim of phishing, you should immediately change your password and security questions. Depending on how much information the phisher was able to acquire, you may need to take additional steps to secure your account. Your account may have also been disabled by Illinois State University if there is suspicion it may have been compromised.
Secure Your Account by Changing Your Password and Security Questions
If you input your account information into a phishing site, or gave such information over the phone, you should change your password and security questions. The following articles may be of use to you if you are having difficulties with changing your password:
- How Do I Change My ULID Password?
- How Do I Change My Security Questions?
- What If I Forget My ULID Password?
If You Suspect Your Account Has Been Compromised
After your account has been secured by changing your password, you may want to review the following articles. This may help you understand how you were compromised – and additional steps you may want to take. You may also want to take additional steps if you entered information other than your Illinois State University credentials (such as bank information or social security numbers).
- Understanding Phishing Emails and How My ULID Account was Compromised
- What to do if you Suspect your ULID Account May Be Compromised?
- What To Do If You Are A Victim Of Identity Theft?
If You Gave Access to Your Computer or Downloaded Files
If you gave access to your computer to the phisher, or a phishing attempt lead you to a site where files were downloaded, you will want to scan your computer for Malware. Malware is malicious software which runs on your system and attempts to steal information such as passwords, account numbers, credit card numbers, social security numbers, and more.
Members of the university have several ways to have their computer scanned for Malware. If you are a student, or a faculty member, and your personal device was compromised, you can contact TechZone. While TechZone does charge for a few services, most of their offerings (such as Malware removal) are completely free of charge. You can also scan your own computer for Malware using special scanning software. There are a variety of malware scanning programs available, but Illinois State University recommends MalwareBytes. If you need assistance running a MalwareBytes scan, see the following article:
If you believe a University-owned device was compromised with malware, you should contact your local tech team instead.
Reporting phishing attempts to Illinois State University
If you see an email that you believe to be a phishing attempt, you should report it to Illinois State University. All phishing attempt should be reported to the Technology Support Center at SupportCenter@IllinoisState.edu. The Technology Support Center will review the phishing email and notify the campus community via Tech Alerts if the message appears to be impersonating University staff. Reports should be sent as an attachment rather than forwarded. For information on how to forward as an attachment see, Forward an Email as an Attachment in Outlook
How to Get Help
For technical assistance, you may contact the Technology Support Center at 309-438-4357, or by email at SupportCenter@IllinoisState.edu.