Phishing

Many times they are full of grammatical errors. They often pretend to be from individuals or companies that you have never heard from, selling things you don't want. While clumsy phishing attempts usually pose little threat, replying to them can indicate to the identity thief that your email address is a valid one, and that you may not be smart enough to recognize a phishing attempt.

Therefore, the best approach to take with clumsy phishing attempts is to simply delete them.

The reason is that the thieves take the time to craft carefully worded emails from sources you know and may already be doing business with. Common clever phishing emails appear to come from sources such as credit unions, banks, credit cards, eBay and PayPal. These emails will approach you asking you to verify account information (your account number, your password, etc).

There are several ways to spot a clever phishing email. The first way is to realize that the University of Illinois, nearly all banks, PayPal, eBay and credit card companies will NEVER ask you for your account information by email.

The second way is to look closely at the email address that sent you the message. Often times, clever phishing attempts will be sent from a name that looks reputable (i.e. "eBay Customer Service") but when you look at the actual address it is sent from, it is clear it is not from eBay at all. You should look at the server portion of the email address. The server portion is the section immediately following the @ sign. For example, in the address, test@uiuc.edu, "uiuc.edu" is the server.

A clever phishing email can be spotted because the server portion of the sender's email will not match up to the sender. For example, a clever phishing email from eBay will not be sent from an eBay server. Instead it could look like "ebay@userhost.com"

Sometimes, identity thieves will spoof the entire email address, making it look entirely legitimate. In those cases, you must look for other clues, such as links to web sites not related to the company, in order to spot the phishing attempt. If you are worried about your own email address being spoofed, you can find more information on email spoofing on this page.

In these cases, not only will an identity thief send an email pretending to be from a company or institution that you know, but they will try to include specific information about you. This is often referred to as spearphishing as it is targeting just one person. Usually that person is targeted because of the valuable information that they can access with their accounts.

These emails can be incredibly tricky to spot as an identity thief will include specific information already gathered about you such as the last four digits of your credit card number, your bank account number, or your address, for example. You can protect yourself from these messages by remembering that nearly all companies will never ask you for personal information through email. If you still have doubt about the validity of an email, do not hesitate to call the company that allegedly sent the email.

Also, checking the email address as noted above will many times tip off that the email that was sent was a phishing attempt. You should also type in web addresses instead of clinking on links, as phishing links will often take you to a phony site.