Welcome to the Phish Tank
Eastern Illinois University receives phishing attacks on a regular basis, so we decided to take all of the attacks we receive and put them here for you to see. For your benefit, we have marked up each attack to help you identify the warning signs of a phishing attack. Take a look at the many ways these attacks try to obtain your account information.
Lessons in Phishing
Catch of the Day
The Catch of the Day – Is it You?
You may have noticed that the number of phishing email attempts has increased this summer, and you’re not alone. Worldwide there is an increasing trend in phishing attempts, and there is a good reason why we are seeing this increase. Information security has greatly improved in the past 10 years, making it very hard for hackers to successfully implement their attacks on a technical level. Hackers will always take the path of least resistance, and because of improvements in technical security controls, the path of least resistance is currently the user.
To bypass technological security controls, hackers are increasingly using social-engineering tactics; in other words, a hacker is a con artist with a computer. People have always wanted to be thought of as honest, prudent, and decent, and if their integrity is challenged by an authority figure, even a fake one, their need to demonstrate their innocence will trump common sense. This was true even before the internet existed. The difference is that the modern con artist can target a much larger audience while investing very little of their own time and money. It costs very little to send a group of people an email that fools them by exploiting their natural human predispositions.
That said, users are becoming more aware of phishing attempts, and hackers are already adapting to this increase in awareness. Hackers are employing a new method called spear-phishing. Unlike regular phishing, which sends large numbers of emails to large numbers of people, spear-phishing refers to sending a phishing email to a particular small group. Hackers also heavily customize spear-phishing emails using public information from the web to make the emails seem more authentic. Unfortunately, preventing phishing attacks is impossible from a purely technological standpoint. Users should educate themselves to resist such attacks. A good method to avoid becoming a victim is to take a moment to question the request. Most, if not all, phishing attempts have some kind of error, be it wrong information about the university or improper use of grammar. If a user is unsure about the safety of any email they receive, they should contact the help desk. There is no harm in asking the help desk whether an email is legitimate.
Additionally, if you receive a phishing email, please forward it to information security so that we can notify the rest of campus. If you fall victim to a phishing attack, don’t panic. Contact the help desk right away and they will help you through the process of securing your account again. We understand that mistakes like falling for a phishing email are going to happen. If you are contacted by ITS about a compromised account, be honest and inform them of any information you may be aware of. There are no repercussions if you fall victim to phishing. ITS is only determining what information was transmitted after the account was compromised and whether any of it was sensitive. Currently, information security is improving its methods to warn and train the EIU community to recognize phishing attempts. Users should remember that ITS will never ask for your password or sensitive information through email or a webpage link provided in an email. Remain vigilant and protect yourself from becoming the catch of the day!