Privacy and Information Security | University of Illinois

Unwanted Email

Email serves many purposes: we use it at work and in our personal lives to communicate and complete the tasks we need to. Though it’s only 40 years old (and didn’t gain popularity until the early 1990s) it’s hard to imagine life without it.

Phishing vs spam

Not every email message that hits your inbox is useful. It's possible that close to half of the messages sent to your email address aren't actually delivered due to various filter systems. Even with modern filtering you probably receive many messages that you consider junk and would rather not see. Not all of those junk messages in your inbox are the same; if you see unwanted messages you can always delete them. As a general rule, you should be suspicious of any unsolicited message that arrives in your inbox, but some are more of a threat than others.

Scam messages of all sorts often rely on a sense of urgency or current events to catch your attention. Take the time to follow up and confirm whether a message is legitimate or not. You can always contact the Technology Services Help Desk if you are unsure about a message.

Phishing

Some messages show up in your inbox and are an active attack against you. Phishing messages are a form of social engineering that try to steal information from you. Often these pretend to be a message from a help desk or some other organization trying to offer some kind of assistance. They may say that your account needs to be updated — click on a link and enter your credentials and you’ll be all set. If you do enter your username and password you’ve likely just given them all the information they need to take over your account. (There are ways to help protect yourself from these scams, like multi-factor authentication, but it’s not always available).

An example of a typical phishing message illustrates there's the promise that you will receive some benefit by clicking on the link. Clicking on the link in this message and entering credentials meant having your direct deposit information changed for your university paycheck.

Spam

Spam messages are often obnoxious, but aren’t the threat that phishing messages are. These are unsolicited bulk messages that are sent to try and make money for an organization or individual. A company sends out a massive amount of messages, hoping someone will respond. Some of these messages want you to buy something, some try to get you to "like" or follow a page for increased advertising revenue. In addition to its annoyance, spam is also disruptive. Delivering all of those messages can delay legitimate messages and clog mail servers. To combat this the CAN-SPAM Act of 2003 tried to bring order to email and rein in the spam problem.

This message uses a personal appeal to try and get the reader to click on the link. Who wouldn't be intrigued by a background check?

Example of a clickbait message

What to do:

If you receive a phishing message in your University of Illinois email forward it (as an attachment) to security@illinois.edu

If you receive a spam message in your University of Illinois email forward it (as an attachment) to report-spam@illinois.edu

You can click on unsubscribe links in messages. If the organization sending the message is trying to be compliant with the CAN-SPAM Act they will remove you from their mailing list. When unsubcribing do not enter any password in a form.