Identify Phishing Scams

Don't take the bait!

This page contains a number of resources to help you learn about the risks of email scams and to teach you how to recognize a scam email. Read on to learn how to foil the phisherman.

How do I identify phishing scams?

If you are unsure if an email is legitimate, ask yourself these questions before replying or clicking on a link. Always keep in mind that University administrators and IT Services personnel will never request your CNetID username or password by email. If an email claims to be from the University, IT Services, or the uchicago.edu team and asks you to give out your private information, it is a scam.

Look at the Header

Look at the Content

Think about the Email's Purpose

Email is NOT a secure way to share sensitive information. Businesses should not ask you to send passwords, login names, Social Security Numbers, or other personal information through email. Be advised that IT Services will never request your password, nor will we ask you to change or "validate" your password at a website other than http://cnet.uchicago.edu.

Examples of phishing scams

Look at our sample list of email scams on our Examples page. Some email scams also try to steal your personal information through ways other than email or online forms. For example, an email like this one requests credit card information by fax. Remember that your bank representative will never request your private information online, by phone, or by fax.

More examples can be found at Antiphishing.org, a phishing email archive database that keeps track of many different phishing emails that are reported throughout the year.

Can I report phishing scams?

Yes. Please report scams to the ITS Security Team that purport to be a University service or if you are in doubt about the validity of an email. You may also report scams to the federal government who collects the information to build cases against any given attacker. To report a phishing scam to the federal government, forward the email to spam@uce.gov. You can also report phishing scams to the Anti-Phishing Working Group, a volunteer organization committed to wiping out phishing scams.

Learn More

Visit OnGuardOnline.gov for practical tips from the federal government and the technology industry to help you identify Internet fraud, secure your computer, and protect your personal information.

Visit the FTC's Identity Theft website to learn more about identity theft and how to deter, detect, and defend against it.

Carnegie Mellon University and Wombat Security Technologies have developed a fun, simple way to learn about fake URLs with an online interactive game. IT Services is not affiliated with the creation of this game or the ongoing research associated with it; however, we believe it is a good resource for anyone interested in protecting themselves from Internet crime.

Visit the Security Cartoon website to learn more about potential dangers on the Internet.