Recently campus has received thousands of phishing emails, specifically seeking cell phone numbers. This is a change in tactic from the usual attempt of obtaining accounts and passwords. There are two likely reasons why this has occurred:
Attackers could now attempt to attack and ransom your digital assets directly by stealing your phone number or directly texting you malicious links/attachments that are aimed at stealing financial and personal information. This has recently happened to one of our own NIU employees.
The attackers use the data from the breaches mentioned above to carry out a social engineering attack on the cellular service providers to steal your phone number
If that is successful, they immediately use the password reset function to intercept the MFA challenge for online banks, email accounts, and any cloud storage you have in order to steal your money, photos, and any valuable content you have online. They will then hold your digital assets for ransom.
If your phone receives no signal or says "Emergency calls only" even after restarting the phone, use another phone to contact your provider immediately and have them check the status of your account for any recent changes.
Phone hijacking can also happen via phishing attacks. Do not click on suspicious links/attached files sent to your mobile devices by SMS text or in email. Malware embedded in links/files can compromise your device. When in doubt, please send an email to abuse@niu.edu reporting the suspicious link/sender.
Review your credit card bills, bank statements and phone bills regularly. If something doesn't look right, report it immediately to your credit card, bank or phone company.
If you receive a phishing SMS text or email, forward it as an attachment to abuse@niu.edu.