Phishing Attacks

Phishing attacks are part of life in the digital world, so we have prepared this document to help you minimize the risk of unauthorized account access.

What to do right away

If you have received a suspicious email, please forward it to ITSServiceDesk@luc.edu for further investigation.

If you believe that you have fallen victim to a phishing attack, reset your password immediately at: http://www.luc.edu/password. We also recommend resetting your password on any service (such as Amazon, Facebook, Instagram, Reddit, Spotify, etc.) which uses your Loyola email address as the user id.

You may also not be receiving email. To resolve this, log into your email account and check the following:

1. Inbox/Sweep Rules that you may not have created and delete them (Gear icon > type Rules into search box > click "Inbox Rules").
2. Forwarding you may not have set up and stop it (Gear icon > type Forwarding into search box > click "Forwarding"). The attached PDF has outlined this process.
3. Check your Sent and Outbox folders and delete anything that has not been sent by you.
4. Do not reply to suspicious emails or notices of undelivered messages. Simply delete them. Note: It may take several days to rid your mailbox of these and auto-replies.
5. Consider running anti-malware scans on your personal devices.

About Phishing Attacks

Phishing is an attempt to steal sensitive information, such as your social security number or passwords, by posing as a trusted organization. Think of a person throwing a net into the water in hopes of bringing up a catch. In this case, the person fishing is a thief and the netted catch is your personal information.

Most phishing attacks arrive via email, claiming to come from a legitimate organization such as the University, a bank, or government entity. The message asks that you reply or click a link provided in the email in order to validate an account. Unfortunately, the information entered goes to the thief. Criminals use this information in order to attempt identity theft and other fraudulent acts.

How do I recognize phishing?

Phishing attacks can be both obvious fakes as well as astonishingly sophisticated. Here are some general rules that can help you avoid falling victim:

1. Loyola University Chicago -- and other trusted organizations -- will never solicit any sensitive information via email. Treat with extreme suspicion any email message that asks you to verify account information or enter a password.
2. Additionally, be suspicious of any email message that contains a link which hides the full address (http://etcetcetc).
3. Check the address bar of your browser for the green lock icon, the word 'Secure,' and that the website begins with https://. These are signs of a website configured to handle sensitive personal information. However, do not rely on those clues alone.
4. Call the customer service office of the purported organization if you are suspicious of the authenticity of an email message or website.
5. Almost any company that can contact you via email could also contact you via phone. Legitimate organizations will share multiple contact methods for reaching them with any questions. Almost all legitimate organizations, especially financial institutions, will attempt to contact you through a means other than email before taking any action against your account.
6. The University Information Security Office provides advice and tips on better avoiding phishing attacks and online fraud. Check out their website here: Phishing Awareness