Effective July 24, security.illinois.edu will redirect to techservices.illinois.edu/security/
Phishing vs spam
Not every email message that hits your inbox is useful. It's possible that close to half of the messages sent to your email address aren't actually delivered due to various filter systems. Even with modern filtering you probably receive many messages that you consider junk and would rather not see. Not all of those junk messages in your inbox are the same; if you see unwanted messages you can always delete them. As a general rule, you should be suspicious of any unsolicited message that arrives in your inbox, but some are more of a threat than others.
Scam messages of all sorts often rely on a sense of urgency or current events to catch your attention. Take the time to follow up and confirm whether a message is legitimate or not. You can always contact the Technology Services Help Desk if you are unsure about a message.
Some messages show up in your inbox and are an active attack against you. Phishing messages are a form of social engineering that try to steal information from you. Often these pretend to be a message from a help desk or some other organization trying to offer some kind of assistance. They may say that your account needs to be updated — click on a link and enter your credentials and you’ll be all set. If you do enter your username and password you’ve likely just given them all the information they need to take over your account. (There are ways to help protect yourself from these scams, like multi-factor authentication, but it’s not always available).
An example of a typical phishing message illustrates there's the promise that you will receive some benefit by clicking on the link. Clicking on the link in this message and entering credentials meant having your direct deposit information changed for your university paycheck.
Spam messages are often obnoxious, but aren’t the threat that phishing messages are. These are unsolicited bulk messages that are sent to try and make money for an organization or individual. A company sends out a massive amount of messages, hoping someone will respond. Some of these messages want you to buy something, some try to get you to "like" or follow a page for increased advertising revenue. In addition to its annoyance, spam is also disruptive. Delivering all of those messages can delay legitimate messages and clog mail servers. To combat this the CAN-SPAM Act of 2003 tried to bring order to email and rein in the spam problem.
This message uses a personal appeal to try and get the reader to click on the link. Who wouldn't be intrigued by a background check?
What to do:
If you receive a phishing message in your University of Illinois email forward it (as an attachment) to email@example.com
If you receive a spam message in your University of Illinois email forward it (as an attachment) to firstname.lastname@example.org
You can click on unsubscribe links in messages. If the organization sending the message is trying to be compliant with the CAN-SPAM Act they will remove you from their mailing list. When unsubcribing do not enter any password in a form.