See Support Hours
A phishing scam is an email in which the perpetrator sends legitimate-looking emails that appear to come from a well-known and trustworthy organization or website, in an attempt to gather personal and financial information from a recipient. Although this article focuses on email scams, remember that phishing scams can come in other forms too, such as via fax.
The first type of scam asks you to respond to an email with your account password or Social Security number in order to prevent immediate closure of your bank account, email account, or other service. If you receive a message that asks you to send in your CNet password, it is a fraudulent email.
The second type of scam asks you to click on a link to a fake site and log in with your password to verify your account. IT Services will never request your password, nor will we ask you to change or "validate" your password at a site other than http://cnet.uchicago.edu; you should not be asked to login with your CNetID at a domain other than uchicago.edu.
If you've responded to either of these types of scams, you've placed your personal information in the hands of scammers, who can misuse it.
Here are a few simple guidelines to avoid falling into phishing scams. See our Identify Phishing Scams page for a step-by-step guide on how to identify phishing emails and our Phishing Examples page for real-life phishing examples.
One of the most common means by which computer viruses and worms spread is through email attachments. When opened, these attachments can give hackers complete control of your machine, initiate an attack on another machine, or start sending out copies of itself to email addresses it finds in your address book. Malevolent software (malware) of this type has crippled personal machines, email servers, and networks at the University and elsewhere.
Here are a few simple guidelines to ward off malicious attachments: