Effective July 24, security.illinois.edu will redirect to techservices.illinois.edu/security/
Hackers don't care how they access the information they're after. When necessary they develop sophisticated attacks, but they certainly aren't opposed to taking the path of least resistance. Why spend time hacking a server to gain access when you can just ask? Phishing is a successful tool in their aresenal, so they continue to use it.
They can use phishing to get usernames and passwords to access systems to install malware and steal information. Target's data breach started as just such a phishing attack. Other times hackers go after individuals to steal from their bank accounts, credit cards, and other accounts. Phishing is especially dangerous because it doesn't require much technological skill to implement. Crude phishing attacks may just ask users to reply with their password. Phishing attacks are becoming more sophisticated: instead of asking for the password in an email reply a phishing message might point users to a web form that attempts to collect the passwords. The most sophisticated attacks will spoof, or attempt to copy, a legitimate login page and steal credentials when they're entered.
How do you protect yourself from phishing?
Familiarize yourself with the techniques that phishers use. You can learn more about at our phishing page.
What can you do if you receive a phishing message?
If you receive a phishing message at your University of Illinois email account you can forward it (with headers) to firstname.lastname@example.org. You can see examples of phishing messages and check to see if the message is a known phishing attack at our phishing hole page.
If you have questions or would like to learn more about cyber security, please email email@example.com for more information.
Follow @citessecurity on Twitter for awareness and news.