Information Security

There have been a recent rash of aggressive phishing campaigns which are resulting in an increased number of hacked NIU student email accounts.

Below are examples of phishing emails that NIU employees received from compromised NIU student email accounts. They included subjects like:

• "NIU IMPORTANT ANNOUNCEMENT",
• "NIU I.T. MAINTENANCE", and
• "NIU NEWS."

Phishing attacks involve the sending of fraudulent email messages that often appear to be coming from a reputable source. The goal of these messages is for hackers to gain access to NIU email accounts and use that account to do more hacking and phishing.

What does this recent scam look like?
The recent phishing campaign appears to initially be targeting NIU student email accounts where cyber criminals are looking to harvest their login credentials. Once cyber criminals have the compromised student login information, they can send further phishing emails that appear to come from the student. In this phishing campaign, the cyber criminal then sent out at least 8,000 similar phishing emails, per compromised student account, to NIU students and employees.

Below are some images of these phishing email messages. Key information in the email is highlighted in yellow, and student names and account information in the “From” field have been redacted.







These emails, that initially went to students, created a false sense of emergency by pretending that the recipient's account is being terminated or that the sender is offering them a job opportunity. Each email has a link which would redirect recipients to a cloned phishing website or a Google Form asking them to provide their credentials or personal information and approve the Multifactor Authentication (MFA) request or enter the MFA code.

Multifactor Authentication (MFA) is an authentication method that requires the user to provide two or more means of verification to gain access to an application. Without MFA, users would just be asked for a username and password. With MFA, you would often see an additional verification such as a text message with a code being sent to your cell phone. You are then asked to enter the code to verify that it is you requesting access.

MFA challenges should NOT be approved unless you are certain it is coming from your own activities. Never click on attachments, URLs or reply to a message, etc., unless it was from a trustworthy source.

In cases where an email account is considered as compromised, the account will be blocked, and students or employees should contact the NIU Service Desk (email ServiceDesk@niu.edu or call 815-753-8100) to resolve their account situation and reset their password.
How can you protect yourself?

Here is an interesting article that was provided by NIU’s Information Security training vendor, KnowBe4, regarding scams to watch out for this holiday season. 

"The holiday season is a time when people are especially vulnerable to scams. This is because they are busy and often have their guard down. Criminals take advantage of this by circulating fake e-gift cards, posing as charities, targeting specific demographics, and so on. In this 3-min article, we will discuss Google's five most popular scams being circulated this holiday season. So, if you want to be aware of the social engineering dangers lurking online, then keep reading!

1) E-gift card scams:
2) Charities
3) Demographic Targeting
4) Subscription renewals
5) Crypto scams

With the holiday season in full swing, so are gift card and prize scams. These scammers will often lie about being a known contact of yours to try and get you to buy them a gift card, or they may offer an amazing prize in exchange for your credit card information. If you receive any suspicious emails like this from someone claiming to be your friend, make sure to confirm it with them through another method before doing anything further. And as always, if something seems too good to be true, it probably is.

Be wary of scammers and phishing attempts; they actually worsen during the holiday season. This would not only hurt those who fall for the scams, but also charities that could've benefited from donations. For example, an attacker may pretend to be associated with a charity related to current events or one with a familiar name. If someone contacts you asking for money via personal email or another method, beware that it might be fraudulent.

With more people shopping online and sharing personal information this holiday season, scammers are taking advantage by targeting consumers with fraud that seems more realistic. For example, you might get an email from what looks like your child's school PTA about a holiday fundraiser.

But if you click on the link in the email, it could take you to a fake website where you're asked to enter sensitive information like your credit card number or Social Security Number. These types of scams can be difficult to identify because they seem so personalized. But if you're aware of potential threats and know what to look for, you can help protect yourself against them.

Scammers love to target people at the end of the year, and one particularly nasty version of these emails spoofs antivirus services. They lure victims with promises of improved security, but if you take a closer look at the sender’s email address, you can usually spot these scams pretty easily. 

Crypto currency-based scammers are more prevalent during times of high crypto usage, like now. They often use a crypto currency wallet to collect payment and may threaten their victim if they don't receive the funds. Gmail usually sends a warning about these kinds of emails, but it's helpful to know how to spot them on your own too. Some key things to look out for that signal fraud include typos, strange email addresses, and demands for payment. 

By being aware of these five popular scams circulating this holiday season, you can protect yourself and your loved ones from potential fraud." 

There is a recent rash of aggressive phishing campaigns, targeting NIU students, which are resulting in an increased number of hacked student email accounts.

Phishing attacks involve the sending of fraudulent email messages that often appear to be coming from a reputable source. The goal of these messages is for hackers to gain access to the student account and use that account to do more hacking and phishing.

What does this recent scam look like? What is it asking me to do?

Here is one example of a phishing message that came from an external link to NIU student email accounts:

“We discovered you got dual enrollment with two universities’ portals. Provide the two portal logins to avoid termination. We will process your termination request shortly; You will lose all your emails associated with your NIU Login account

If you have only one college account, fill in the correct user and passcode and submit. But if you are in a dual credit college, Pls fill in the correct username and password for both school and submit

Copy and paste the URL Below into the address bar of your web browser to cancel the request”

There was an external link provided and if a student clicked on this link, it redirected them to a Google Drive form and asked the student to sign in to submit the form. Once the student signed in, the hacker had their login information, and their account was compromised. The hackers have now gained access to the student account and can use this account to do more hacking and phishing.

Increased security for your NIU Student account

To protect student accounts, NIU is increasing the risk sensitivity of login security policies which may result in increased MFA challenges or blocked access to your account. This additional protection will only trigger when risky or unknown logins occurs.

In some rare cases, where a student email account is considered as compromised, the account will be blocked, and students should contact the NIU Service Desk (email ServiceDesk@niu.edu or call 815-753-8100) to resolve their account situation and reset their password.

How can students protect themselves?

• We strongly recommend using the Microsoft Authenticator app for MFA instead of SMS texting codes or phone calls for authentication. More information on using the app can be found at: https://www.niu.edu/doit/security/multifactor-authentication.shtml under the Frequently Asked Questions area.
• Never approve an MFA message that you are unsure about. If you are not attempting to login, you should deny the MFA message, reset your password and report it immediately.
• Become more aware of how phishing works by reviewing “The Phishing Scam Artist” on the NIU Information Security website: https://www.niu.edu/doit/security/index.shtml.

Phishers attempt to trick you into clicking on a link and providing them with your personal information. They could be after your money, identity and control of your device. Phishers also try to create urgency around a situation. Be careful of suspicious links, attachments and make sure that the logo and format of the email is as you would expect from a trusted institution.

The FBI and FTC have released warnings about potential scams targeting individuals attempting to enroll in the newly announced Federal Student Aid Relief Plan.  Please note that the courts have issued orders blocking the program, so currently applications are not being accepted. Please monitor the official site for the latest status of the program: https://studentaid.gov/.

Scammers may be looking to steal personal and financial information, or program payments from potential victims through multiple schemes, including:

• fraudulent websites that mimic the application form,
• phone scams,
• phishing emails,
• SMS (text messages), and
• other online chat services.

What you should know

Only apply at the official Federal Student Load Debt Relief site: https://studentaid.gov/. Applying for the program is free of charge. Any requests to pay for enrolling in the program or for processing the application indicate fraud.

When you apply, the application WILL ask for your name, birth date, Social Security number, phone number and address. The application process DOES NOT require you to provide bank account or credit card information, log into any accounts or upload any documents during the initial phase of the application.

The US government will not send notices to advertise the program, so any emails, phone calls, SMS messages you receive pointing to applications will be fraudulent.

When using Google to find out more about this program, beware of ads for services that charge fees, impersonate government agencies, or try to gain personal information. 

Tips to Protect Yourself

Do not open links from suspicious email addresses. During later stages of the application process, requests for additional information will only come from the following email addresses:

• noreply@studentaid.gov
• noreply@debtrelief.studentaid.gov
• gov@public.govdelivery.com.

Exercise caution when entering any personally identifiable or financial information on websites, or when downloading images or files from an unknown or unsolicited email. Check for spelling or grammatical errors on the website or in an email received.

What to do if you are a victim

If you find yourself a victim of an internet scam, please refer to the FBI PSA Potential Fraud Schemes Targeting Individuals Seeking Federal Student Loan Forgiveness site, and scroll down to the bottom of the notice for actions you can follow.

You can also report the scam at the following FTC site:  ReportFraud.ftc.gov.