Week 1: Phishing

Phishing is a cyberattack where fraudulent emails sent from seemingly reputable sources attempt to trick you into revealing personal information such as account credentials or financial information.

The growth of phishing attacks in both frequency and sophistication poses a significant threat to everyone. It’s important to know how to spot phishing scams so that you can protect your UIC data and your personal information.

There are three common types of attacks: phishing, spear phishing, and whaling.

The most common type of phishing attack is when bad actors impersonate a legitimate organization or individual in an attempt to trick you into providing your login credentials or personal information. This type of email frequently uses threats and a sense of urgency to scare you into providing information without thinking it through.

In spear phishing scams, bad actors not only impersonate the sender of the email, but also customize their attack emails with the target’s name, position, company, work phone number or other information in an attempt to trick the recipient into believing that they have a connection with the sender.

Spear phishers can target anyone within an organization, even top executives, using a phishing attack known as whaling. In whaling attacks, fraudsters attempt to “harpoon” an executive to steal their login credentials, financial information, etc.

  Tips to avoid getting phished:

  • Never click on links in email. Rather, type web page addresses (such as uic.blackboard.com) yourself. Even if you recognize the sender — it could be a bluff. Besides, it’s still not a good idea to click links in email. It’s best practice to use your own bookmark or to type the webpage address yourself.
  • If you do click a link to visit a website, check the URL in the browser to verify that you are visiting a university website that ends in uic.edu or uillinois.edu, for example.
  • Never reply to an email with your sensitive information such as password, credit card number, social security number, etc.
  • Report any suspicious email to security@uic.edu.

A real life example of a Blackboard spear phishing attack:

From: Blackboard Administrator <bb-learn@xyz-uic.edu.io>
Date: November 20, 2017 at 09:14:48 CST
To: Blackboard Users<bb-users@uic.edu>

Subject: UIC-Member Update-Blackboard

Attention Member,

Please upgrade your UIC Blackboard account with the below UIC.EDU-SYSTEM to avoid mailbox termination.

We have upgraded our security system

UIC.EDU-SYSTEM hxxp://uic-learning-system.com/wp-content/UIC/logonuic.html

1200 W Harrison St,
Chicago, IL 60607,USA.