While this may be a legitimate request, the spammy character of his distribution method leads us to distrust this message if you received it. We recommend you delete without opening any attachments or clicking any links.
This is an example of a snail-mail phishing scam! If you receive a notice requesting payment for your xxxxxxxxx.illinois.edu website or domain, you do NOT need to pay it. University websites and sub-domains are managed internally.
Below is an example of a fake invoice. You’ll notice that it says it is NOT a bill, but an offer, which acts as legal cover for this kind of fraud.
The following legitimate email was sent to the university community on 9/4. Reposting here for archival purposes due to relevance to this site.
Dear University Community,
In an effort to further enhance our cyber defenses, we want to remind you of a common cyber-attack that everyone should be aware of – phishing.
“Phishing” is the most common type of cyber-attack that affects individuals and organizations. Phishing attacks can take many forms, but they all have a common goal – getting you to mistakenly disclose sensitive information such as login credentials, credit card information, or bank account details.
Although we maintain security controls, provide awareness training, and conduct phishing simulations and tests to help protect our campus community from cyber threats, we need your help as the first line of defense.
What You Can Do
To avoid these phishing schemes, please observe the following best practices:
- Avoid clicking links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- Never provide sensitive personal information (like usernames and passwords, Social Security Numbers, financial information) over email.
- Watch for email senders that use suspicious or misleading domain names. Look closely at the email address of the sender.
- Beware of any shared document that you’re not expecting to receive.
- Be especially cautious if you receive an email containing a warning banner indicating that it originated from an external source.
- If you are unsure if an email is legitimate or not, please contact your local IT support or the Technology Services Help Desk, 217-244-7000 or firstname.lastname@example.org.
Thanks again for helping to keep our network, and our people, safe from these cyber threats.
Chief Privacy & Security Officer
University of Illinois at Urbana-Champaign