Information Security
Phishing
3/30/2021 -
Scammers target universities in ongoing IRS phishing attacks.
IRS warns university students and staff of impersonation email scam.
3/17/2021 -
FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in at least 12 U.S. states. The unidentified cyber actors have specifically targeted higher education, K-12 schools and seminaries. Attacks include Phishing and network compromises of vulnerable internet facing services.
We have seen an uptick in malware detection and phish activity against NIU. All students, faculty and staff must use utmost caution when handling email. Treat all email as if it is potentially malicious and report all phish to abuse@niu.edu
CISA-FBI Joint Advisory on TrickBot Malware
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities.
2/19/2021 - IRS Warns of Fresh Fraud Tactics as Tax Season Starts
NIU’s Division of Information Technology will never ask you for your password. See recent phishing alerts.
The Phishing Scam Artist
What is phishing?
- Phishing is a form of cyber-attack where the attacker ‘mimics’ another person, university or business with the hopes of tricking the user into clicking a link and/or providing their personal information.
What do they want?
- Money! Or worse - your identity!
- Oftentimes the attacker is looking for personal information – social security number, username and password, or banking information – in order to gain access to your account(s).
- Control!
- Other times the attacker is attempting to infect or take control of your device.
What’s in their ‘bag of phishing tricks?
Does phishing sound scary? It can be. The best defense is being informed and knowing how to avoid becoming a victim to a phishing email. Attackers have quite the array of ‘tricks’ they use to trap a user such as:
- URGENCY! Telling you this needs immediate attention, or ELSE!
- Suspicious links
- Attachments
- Using the same logo/format as an email you’d expect to see from an otherwise established institution to gain your trust
How to protect yourself
Be critical of the email and assess who it’s from and the reason behind it. Is the email asking for your credentials? Are they trying to get you to open an attachment? Click on a link? Sometimes it is smart to call the organization or check the organization’s website to verify if they are sending emails of this nature out to their users/customers.
- Do NOT:
- Keep any detailed personal or family information in your stored emails.
- Maintain any personally identifying information such as driver’s license, SSN, passwords, credit card numbers or date of birth in your emails.
- Write your passwords down, share or email your passwords to anyone or use commonly constructed passwords (pet names, family names, SSN, etc.).
- Walk away from your computer while still logged into your email without locking your screen.
- Use your date of birth or easily obtained information for passwords or password reset questions.
- Do:
- Safeguard your passwords and information.
- Always lock your computer and/or device.
- Report any suspicious emails to abuse@niu.edu.
- Use common sense and a critical eye when reviewing emails.
- Always log in with a trusted URL.
- Verify the link sent in an email by 'hovering' over to see its true destination.
- Verify the sender of the email by 'hovering' over their name to see what email address was used.
Oh NO! I just answered that phishing email; what do I do now?
If you responded to a request for a password and/or provided account information to someone inadvertently:
- Change your password to a dissimilar and better password immediately.
- Notify the IT Service Desk immediately at 815-753-8100.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
- If you believe your identity may be compromised:
- Please visit the FTC’s Consumer Information regarding Identity Theft for more information and steps to recover.
- Please contact your local police department.
- You may contact the NIU Department of Police and Public Safety at 815-753-1212 or NIUPD@niu.edu;
- Contact credit bureaus to freeze your credit.
Recent Alerts
November 12, 2020
Multiple Ransomware Threats
Phishing emails that contain links to external documents containing malware and ransomware are typically delivered by commercial mass email delivery services such as google. Spoofed email addresses may also be used.
Email received by a victim will contain a link to an actor-controlled Google Drive document or other free online file hosting solutions such as Box, Drop Box, or even OneDrive. This document, usually a PDF, references a failure to create a preview of the document and contains a link to a URL hosting a malware payload in the form of a misnamed or multiple extension file. Emails can appear as routine, legitimate business correspondence about customer complaints, hiring decision, or other important tasks that require the attention of the recipient and may included the recipient's name or employer name in the subject line and/or email body.
Below are some of the identified file names to install the ransomware:
- Report-Review26-10.exe
- Review_Report15-10.exe
- Document_Print.exe
- Report10-13.exe
- Text_Report.exe
For more details please review the Cybersecurity and Infrastructure Security Agency website.
October, 19, 2020
EMOTET ransomware spam:
The EMOTET ransomware actors have launched a new massive attack campaign on October 14 2020 and began blasting out malicious spam worldwide. These spam campaigns pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes or purchase orders to name a few. This campaign will even pretend to be a Microsoft Windows update!
If you receive an unexpected email such as described above:
- DO NOT click, open or reply to anything in that email!
- Report it to abuse@niu.edu immediately!
For more information please review this article about Emotet malware's attachment.
August 24, 2020:
Zoom Scam:
Please review this article about the Zoom phishing scam. This has been on campus already, and is expected to both continue and be more effective now that we have Zoom.
Tech support Scam:
This has been on campus already. The scam comes from phone calls or web pop-ups that invite users to “fix” their account or computer, by connecting to an application that allows the attacker access to their computer. The scammer then gains control of their computer, and locks them out or encrypts their files, and extorts money to return access to the victim. Please review this article about avoiding tech support scams.
More Information
- Cell Phone Phishing
- Junk Mail Settings
- Avoiding Social Engineering and Phishing Attacks
- How to Recognize and Avoide Phishing Scams
- Protecting Your Privacy
- Multi-Factor Authentication Project (2017)
- INFOSEC Awareness Training (A Cry For Help)
- Internet Safety for Students by Oliver Schinkten
Report it!
If you receive a phishing e-mail, forward it as an attachment to abuse@niu.edu.
COVID-19 Scams
April 22, 2020: The FBI has release a public service announcement, Online Extortion Scams Increasing During The Covid-19 Crisis, through the Internet Crime Center.
NIU students and employees, if you feel you have been a victim please contact NIU Police at 815-753-1212.
April 8, 2020: Please review current guidance from the US Department of Homeland Security.
Due to the global COVID-19 pandemic, the number and manner of scams is increasing sharply. If you have any concern about a potential incident or worry you might have fallen victim to a phishing attempt, please contact our Information Security team by sending an email describing the incident to abuse@niu.edu and refer to email phishing. The current scams will be updated in our IT Service Portal under "Phishing/Security Events". You will need to login before you can review it.
Malicious Phone Calls
Bad actors are pretending to be:
- IT support
- From your Bank
- From your Credit Card company
- From your Insurance Company
None of those resources will make an unsolicited call to you.
They will ask for your account, or personal information, or ask you to verify a PIN, or ask you to go to a website for assistance.
Do not do it, and do not give any information to the caller.
Hang-up, and if necessary contact the appropriate resource through normal channels.
- IT support – IT Service Portal or your local IT support
- From your Bank – go to your bank’s website and see how to contact them
- From your Credit Card company – use the phone number on the back of your credit card
- From your Insurance Company – use the contact information on your insurance card
Email Phishing
Malicious emails about COVID-19 containing malware are also on the rise. These emails are spoofing health related organizations and claim to offer cures, vaccines, tests or other opportunities related to COVID-19. If you receive such emails, Please do not reply to the email or click any link or open any attachment, and just send the email itself as an attachment to abuse@niu.edu.
These emails will falsely claim to be:
- CDC Alerts – The CDC will not send you an unsolicited alert. The only way to get alerts from the CDC is to go to their official website and subscribe.
- Health Advice or Healthcare Organizations – These will ask you to click a link or open an attachment to get access to a test, vaccine, a cure or to download/review safety measures. Clicking the link or opening the attachment will either download malware or persuade you to enter personal information.
- Local Public Safety or Public Health alerts – These will claim you need to click some link to stay safe or register to stay safe or need to open an attachment since you missed an important phone call from them.
- NIU officials and NIU Departments – These emails will likely say there is an urgent change in policy and you need to click on a link or open an attachment.
Malicious Websites
An astonishing number of new websites using the COVID name have popped up. These are not reputable websites at best, and at worst deliver malware to your computer right through your browser.
Malicious Mobile Apps
Please beware of all sorts of new COVID mobile apps. A new Android app at a website called “coronavirusapp” is a ransomware locker.
Some other coronavirus apps have been identified as info stealers
Please only use reputable mobile apps.
What to do if you think you are a victim
If you responded to a request for a password and/or provided account information to someone inadvertently:
- Change your password to a dissimilar and better password immediately.
- Notify the IT Service Desk immediately at servicedesk@niu.edu, and abuse@niu.edu
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
- If you believe your computer has been compromised by malware please do a windows defender offline scan and contact your IT support. Instructions for doing the scan can be found at the following link.
If you believe your identity may be compromised
- Please visit the Federal Trade Commission’s Consumer Information regarding Identity Theft at ftc.gov/ID theft for more information and steps to recover; OR
- Please contact your local police department; OR You may contact the NIU Department of Police and Public Safety at 815-753-1212 or NIUPD@niu.edu;
- Contact credit bureaus to freeze your credit.
Security Awareness
Security Training at NIU
Security Services at NIU
- Annual Data Breach Reports:
- 2018
- 2019
- MFA for Applications:
- it.niu.edu Make a Request Submit Generic Request
- System Vulnerability Scan:
- it.niu.edu Make a Request Submit Generic Request
- Vendor Assessments:
- it.niu.edu Make a Request Assess Vendor/App Security
Contact Us
Division of Information Technology815-753-8100
ServiceDesk@niu.edu