Information Security

Phishing

Ongoing Active Threats

The Office of Information Security at NIU is providing regular information on the latest Phishing scams in the Blackboard Organization: InfoSecurity: Recent Phishing Scams (https://webcourses.niu.edu/).

Each employee that takes the Annual Information Security Awareness Training has been enrolled in this organization and has access to this list of Phishing scams. You will see the list in the Content area of this Organization.

Please familiarize yourself with this information and refer to these messages whenever you are not sure if a message you received is a phishing scam.

There has been a recent increase in phishing campaigns that are targeting NIU employees.

These phishing emails have titles like:   Key Task,   Urgent Request, or   Need a favor. The sender’s name may appear to be a dean, supervisor or someone you know asking for hundreds of dollars worth of gift cards from various vendors like Apple or Best Buy. Or they could be asking you to pay a bill for them, claiming that they are in a meeting and cannot step away. There is a sense of urgency, where the action needs to be completed immediately.

These phishing campaigns are successful in achieving the phisher’s goal...money! Please be on the alert for these messages so that you don’t fall for these scams.


The Phishing Scam Artist

What is phishing?

  • Phishing is a form of cyber-attack where the attacker ‘mimics’ another person, university or business with the hopes of tricking the user into clicking a link and/or providing their personal information.

What do they want?

  • Money! Or worse - your identity!
    • Oftentimes the attacker is looking for personal information – social security number, username and password, or banking information – in order to gain access to your account(s).
  • Control!
    • Other times the attacker is attempting to infect or take control of your device.

What’s in their ‘bag of phishing tricks?

Does phishing sound scary? It can be. The best defense is being informed and knowing how to avoid becoming a victim to a phishing email. Attackers have quite the array of ‘tricks’ they use to trap a user such as:

  • URGENCY! Telling you this needs immediate attention, or ELSE!
  • Suspicious links
  • Attachments
  • Using the same logo/format as an email you’d expect to see from an otherwise established institution to gain your trust

How to protect yourself

Be critical of the email and assess who it’s from and the reason behind it. Is the email asking for your credentials? Are they trying to get you to open an attachment? Click on a link? Sometimes it is smart to call the organization or check the organization’s website to verify if they are sending emails of this nature out to their users/customers.

  • Do NOT:
    • Keep any detailed personal or family information in your stored emails.
    • Maintain any personally identifying information such as driver’s license, SSN, passwords, credit card numbers or date of birth in your emails.
    • Write your passwords down, share or email your passwords to anyone or use commonly constructed passwords (pet names, family names, SSN, etc.).
    • Walk away from your computer while still logged into your email without locking your screen.
    • Use your date of birth or easily obtained information for passwords or password reset questions.
  • Do:
    • Safeguard your passwords and information.
    • Always lock your computer and/or device.
    • Report any suspicious emails to abuse@niu.edu.
    • Use common sense and a critical eye when reviewing emails.
    • Always log in with a trusted URL.
    • Verify the link sent in an email by 'hovering' over to see its true destination.
    • Verify the sender of the email by 'hovering' over their name to see what email address was used.

Oh NO! I just answered that phishing email; what do I do now?

If you responded to a request for a password and/or provided account information to someone inadvertently:

  • Change your password to a dissimilar and better password immediately.
  • Notify the IT Service Desk immediately at 815-753-8100.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
  • If you believe your identity may be compromised:

Security Services at NIU

  • Annual Data Breach Reports:
  • MFA for Applications:
    • it.niu.edu Request Services  MFA For Application
  • System Vulnerability Scan:
    • it.niu.edu Request Services  System Vulnerability Scan
  • Vendor Assessments:
    • it.niu.edu Request Services  Assess Vendor/App Security
Back to top