Information Security

FREE Online PHISHING Training Available to NIU Students

Phishing

Ongoing Active Threats

There has been a recent rash of aggressive phishing campaigns, resulting in an increased number of hacked NIU student email accounts.

Below are examples of phishing emails that NIU employees received from compromised NIU student email accounts. They included subjects like:

  • "NIU IMPORTANT ANNOUNCEMENT",
  • "NIU I.T. MAINTENANCE", and
  • "NIU NEWS."

Phishing attacks involve the sending of fraudulent email messages that often appear to be coming from a reputable source. The goal of these messages is for hackers to gain access to NIU email accounts and use that account to do more hacking and phishing.

What does this recent scam look like?

The recent phishing campaign appears to initially be targeting NIU student email accounts where cyber criminals are looking to harvest their login credentials. Once cyber criminals have the compromised student login information, they can send further phishing emails that appear to come from the student. In this phishing campaign, the cyber criminal then sent out at least 8,000 similar phishing emails, per compromised student account, to NIU students and employees.

Below are some images of these phishing email messages. Key information in the email is highlighted in yellow, and student names and account information in the “From” field have been redacted.

Examples of phishing emails (images).

These emails, which initially went to students, created a false sense of emergency by pretending that the recipient's account is being terminated or that the sender is offering them a job opportunity. Each email has a link which redirects recipients to a cloned phishing website or a Google Form asking them to provide their credentials or personal information and to approve the Multifactor Authentication (MFA) request or enter the MFA code.

Multifactor Authentication (MFA) is an authentication method that requires the user to provide two or more means of verification to gain access to an application. Without MFA, users would just be asked for a username and password. With MFA, you would often see an additional verification such as a text message with a code being sent to your cell phone. You are then asked to enter the code to verify that it is you requesting access.

MFA challenges should NOT be approved unless you are certain they come from your own activity. Never open attachments, click URLs or reply to a message unless it came from a trustworthy source.

In cases where an email account is considered compromised, the account will be blocked, and students or employees should contact the NIU Service Desk (email ServiceDesk@niu.edu or call 815-753-8100) to resolve their account situation and reset their password.

How can you protect yourself?
  • We strongly recommend using the Microsoft Authenticator app for MFA instead of SMS texting codes or phone calls for authentication. More information on using the app can be found at: https://www.niu.edu/doit/security/multifactor-authentication.shtml under the Frequently Asked Questions area.
  • Never approve an MFA message that you are unsure about. If you are not attempting to log in, you should deny the MFA message, reset your password and report it immediately.
  • Become more aware of how phishing works by reviewing “The Phishing Scam Artist” under these "Ongoing Active Threats".

Phishers attempt to trick you into clicking on a link and providing them with your personal information. They could be after your money, identity and control of your device. Phishers also try to create urgency around a situation. Never click on suspicious links or open unverified attachments unless they come from a trustworthy source.

Here is an interesting article that was provided by NIU’s Information Security training vendor, KnowBe4, regarding scams to watch out for this holiday season. 

"The holiday season is a time when people are especially vulnerable to scams. This is because they are busy and often have their guard down. Criminals take advantage of this by circulating fake e-gift cards, posing as charities, targeting specific demographics, and so on. In this 3-min article, we will discuss Google's five most popular scams being circulated this holiday season. So, if you want to be aware of the social engineering dangers lurking online, then keep reading!

1) E-gift card scams
2) Charities
3) Demographic Targeting
4) Subscription renewals
5) Crypto scams

With the holiday season in full swing, so are gift card and prize scams. These scammers will often lie about being a known contact of yours to try and get you to buy them a gift card, or they may offer an amazing prize in exchange for your credit card information. If you receive any suspicious emails like this from someone claiming to be your friend, make sure to confirm it with them through another method before doing anything further. And as always, if something seems too good to be true, it probably is.

Be wary of scammers and phishing attempts; they actually worsen during the holiday season. This would not only hurt those who fall for the scams, but also charities that could've benefited from donations. For example, an attacker may pretend to be associated with a charity related to current events or one with a familiar name. If someone contacts you asking for money via personal email or another method, beware that it might be fraudulent.

With more people shopping online and sharing personal information this holiday season, scammers are taking advantage by targeting consumers with fraud that seems more realistic. For example, you might get an email from what looks like your child's school PTA about a holiday fundraiser.

But if you click on the link in the email, it could take you to a fake website where you're asked to enter sensitive information like your credit card number or Social Security Number. These types of scams can be difficult to identify because they seem so personalized. But if you're aware of potential threats and know what to look for, you can help protect yourself against them.

Scammers love to target people at the end of the year, and one particularly nasty version of these emails spoofs antivirus services. They lure victims with promises of improved security, but if you take a closer look at the sender’s email address, you can usually spot these scams pretty easily. 

Cryptocurrency-based scammers are more prevalent during times of high crypto usage, like now. They often use a cryptocurrency wallet to collect payment and may threaten their victim if they don't receive the funds. Gmail usually sends a warning about these kinds of emails, but it's helpful to know how to spot them on your own too. Some key things to look out for that signal fraud include typos, strange email addresses, and demands for payment.

By being aware of these five popular scams circulating this holiday season, you can protect yourself and your loved ones from potential fraud." 

There is a recent rash of aggressive phishing campaigns, targeting NIU students, which are resulting in an increased number of hacked student email accounts.

Phishing attacks involve the sending of fraudulent email messages that often appear to be coming from a reputable source. The goal of these messages is for hackers to gain access to the student account and use that account to do more hacking and phishing.

What does this recent scam look like? What is it asking me to do?

Here is one example of a phishing message, containing an external link, that was sent to NIU student email accounts:

“We discovered you got dual enrollment with two universities’ portals. Provide the two portal logins to avoid termination. We will process your termination request shortly; You will lose all your emails associated with your NIU Login account

If you have only one college account, fill in the correct user and passcode and submit. But if you are in a dual credit college, Pls fill in the correct username and password for both school and submit

Copy and paste the URL Below into the address bar of your web browser to cancel the request”

There was an external link provided and if a student clicked on this link, it redirected them to a Google Drive form and asked the student to sign in to submit the form. Once the student signed in, the hacker had their login information, and their account was compromised. The hackers have now gained access to the student account and can use this account to do more hacking and phishing.

Increased security for your NIU Student account

To protect student accounts, NIU is increasing the risk sensitivity of login security policies, which may result in increased MFA challenges or blocked access to your account. This additional protection will only trigger when risky or unknown logins occur.

In some rare cases, where a student email account is considered compromised, the account will be blocked, and students should contact the NIU Service Desk (email ServiceDesk@niu.edu or call 815-753-8100) to resolve their account situation and reset their password.

How can students protect themselves?
  • We strongly recommend using the Microsoft Authenticator app for MFA instead of SMS texting codes or phone calls for authentication. More information on using the app can be found at: https://www.niu.edu/doit/security/multifactor-authentication.shtml under the Frequently Asked Questions area.
  • Never approve an MFA message that you are unsure about. If you are not attempting to log in, you should deny the MFA message, reset your password and report it immediately.
  • Become more aware of how phishing works by reviewing “The Phishing Scam Artist” on the NIU Information Security website: https://www.niu.edu/doit/security/index.shtml.

Phishers attempt to trick you into clicking on a link and providing them with your personal information. They could be after your money, identity and control of your device. Phishers also try to create urgency around a situation. Be careful of suspicious links and attachments, and make sure that the logo and format of the email are what you would expect from a trusted institution.

The FBI and FTC have released warnings about potential scams targeting individuals attempting to enroll in the newly announced Federal Student Aid Relief Plan. Please note that the courts have issued orders blocking the program, so currently applications are not being accepted. Please monitor the official site for the latest status of the program: https://studentaid.gov/.

Scammers may be looking to steal personal and financial information, or program payments from potential victims through multiple schemes, including:

  • fraudulent websites that mimic the application form,
  • phone scams,
  • phishing emails,
  • SMS (text messages), and
  • other online chat services.

What you should know

Only apply at the official Federal Student Loan Debt Relief site: https://studentaid.gov/. Applying for the program is free of charge. Any requests to pay for enrolling in the program or for processing the application indicate fraud.

When you apply, the application WILL ask for your name, birth date, Social Security number, phone number and address. The application process DOES NOT require you to provide bank account or credit card information, log into any accounts or upload any documents during the initial phase of the application.

The US government will not send notices to advertise the program, so any emails, phone calls or SMS messages you receive pointing to applications will be fraudulent.

When using Google to find out more about this program, beware of ads for services that charge fees, impersonate government agencies, or try to gain personal information. 

Tips to Protect Yourself

Do not open links from suspicious email addresses. During later stages of the application process, requests for additional information will only come from the following email addresses:

  • noreply@studentaid.gov
  • noreply@debtrelief.studentaid.gov
  • gov@public.govdelivery.com.

Exercise caution when entering any personally identifiable or financial information on websites, or when downloading images or files from an unknown or unsolicited email. Check for spelling or grammatical errors on the website or in an email received.

What to do if you are a victim

If you find yourself a victim of an internet scam, please refer to the FBI PSA Potential Fraud Schemes Targeting Individuals Seeking Federal Student Loan Forgiveness site, and scroll down to the bottom of the notice for actions you can follow.

You can also report the scam at the following FTC site: ReportFraud.ftc.gov.

The Phishing Scam Artist

What is phishing?

  • Phishing is a form of cyber-attack where the attacker ‘mimics’ another person, university or business with the hopes of tricking the user into clicking a link and/or providing their personal information.

What do they want?

  • Money! Or worse - your identity!
    • Oftentimes the attacker is looking for personal information – social security number, username and password, or banking information – in order to gain access to your account(s).
  • Control!
    • Other times the attacker is attempting to infect or take control of your device.

What’s in their ‘bag of phishing tricks’?

Does phishing sound scary? It can be. The best defense is being informed and knowing how to avoid becoming a victim of a phishing email. Attackers have quite the array of ‘tricks’ they use to trap a user, such as:

  • URGENCY! Telling you this needs immediate attention, or ELSE!
  • Suspicious links
  • Attachments
  • Using the same logo/format as an email you’d expect to see from an otherwise established institution to gain your trust

How to protect yourself

Be critical of the email and assess who it’s from and the reason behind it. Is the email asking for your credentials? Are they trying to get you to open an attachment? Click on a link? Sometimes it is smart to call the organization or check the organization’s website to verify if they are sending emails of this nature out to their users/customers.

  • Do NOT:
    • Keep any detailed personal or family information in your stored emails.
    • Maintain any personally identifying information such as driver’s license, SSN, passwords, credit card numbers or date of birth in your emails.
    • Write your passwords down, share or email your passwords to anyone or use commonly constructed passwords (pet names, family names, SSN, etc.).
    • Walk away from your computer while still logged into your email without locking your screen.
    • Use your date of birth or easily obtained information for passwords or password reset questions.
  • Do:
    • Safeguard your passwords and information.
    • Always lock your computer and/or device.
    • Report any suspicious emails to abuse@niu.edu.
    • Use common sense and a critical eye when reviewing emails.
    • Always log in with a trusted URL.
    • Verify the link sent in an email by hovering over it to see its true destination.
    • Verify the sender of the email by hovering over their name to see what email address was actually used.
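The two hover checks above, plus the urgency and sender checks from the "bag of tricks" list, can be automated. The following is an added example, not code from NIU or its training vendor: a small Python checker that parses a raw email message and flags a display name that claims the institution while the real address is elsewhere, a Reply-To routed to a different domain, link text that shows one domain while the href goes to another, and pressure phrases in the subject or body. It assumes niu.edu is the only trusted sender domain, and both sample messages are constructed for the demonstration; the heuristics are illustrative, not a substitute for a mail gateway's filtering.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation's legitimate mail comes from (assumption for this demo).
TRUSTED_DOMAINS = {"niu.edu"}
BRAND_WORDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}  # e.g. "niu"

# Pressure phrases of the kind the campaigns on this page use.
URGENCY_PATTERNS = [
    r"\bimmediate(?:ly)?\b",
    r"\bterminat(?:e|ed|ion)\b",
    r"\bwithin \d+ hours?\b",
    r"\bsuspend(?:ed)?\b",
    r"\bverify your account\b",
]

class _LinkCollector(HTMLParser):
    """Collects (href, visible link text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _registered_domain(host):
    """Last two labels of a hostname: mail.niu.edu -> niu.edu (good enough for a demo)."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def _host_shown_in(text):
    """Hostname the visible link text appears to promise, or None."""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    return m.group(1) if m else None

def analyze_message(raw):
    """Return a list of (indicator, detail) tuples for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # "Hover over the sender's name": display name claims the brand, address lives elsewhere.
    sender = msg["from"].addresses[0] if msg["from"] and msg["from"].addresses else None
    if sender:
        sender_domain = _registered_domain(sender.domain)
        if sender_domain not in TRUSTED_DOMAINS and any(w in sender.display_name.lower() for w in BRAND_WORDS):
            findings.append(("display-name-mismatch", f'"{sender.display_name}" <{sender.addr_spec}>'))
        # Replies silently routed to a third domain are another classic sign.
        reply_to = msg["reply-to"]
        if reply_to and reply_to.addresses:
            if _registered_domain(reply_to.addresses[0].domain) != sender_domain:
                findings.append(("reply-to-mismatch", reply_to.addresses[0].addr_spec))
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    # "Hover over the link": visible text shows one domain, the href goes to another.
    collector = _LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        shown = _host_shown_in(text)
        if shown and _registered_domain(shown) != _registered_domain(urlparse(href).hostname):
            findings.append(("link-text-mismatch", f"text shows {shown}, href goes to {href}"))
    # Urgency language in subject or body (tags stripped crudely).
    haystack = f"{msg['subject'] or ''} {re.sub(r'<[^>]+>', ' ', html)}"
    hits = [m.group(0) for p in URGENCY_PATTERNS for m in re.finditer(p, haystack, re.IGNORECASE)]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    return findings

# Constructed sample modelled on the campaign described above (not a real message).
SUSPICIOUS = """\
From: "NIU I.T. Support" <itsupport@mail-notice.example.com>
Reply-To: helpdesk@example.net
To: student@niu.edu
Subject: NIU I.T. MAINTENANCE - action required
Content-Type: text/html; charset="utf-8"

<p>Your mailbox will be terminated within 24 hours unless you verify your account.</p>
<p>Click <a href="https://forms.example.net/verify">https://www.niu.edu/doit/security</a> now.</p>
"""

# Constructed benign message for comparison.
BENIGN = """\
From: "NIU Service Desk" <ServiceDesk@niu.edu>
To: student@niu.edu
Subject: Your ticket has been updated
Content-Type: text/html; charset="utf-8"

<p>See <a href="https://www.niu.edu/doit/security/index.shtml">https://www.niu.edu/doit/security/index.shtml</a>.</p>
"""

if __name__ == "__main__":
    for kind, detail in analyze_message(SUSPICIOUS):
        print(f"{kind}: {detail}")
    print("benign findings:", analyze_message(BENIGN))
```

Run against the suspicious sample it reports all four indicators; against the benign sample it reports nothing. The registered-domain helper deliberately ignores public-suffix rules (co.uk and the like), which a production tool would need.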

Oh NO! I just answered that phishing email; what do I do now?

If you responded to a request for a password and/or provided account information to someone inadvertently:

  • Change your password to a dissimilar and better password immediately.
  • Notify the IT Service Desk immediately at 815-753-8100.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
  • If you believe your identity may be compromised:

COVID-19 Scams

Due to the global COVID-19 pandemic, the number and variety of scams is increasing sharply. If you have any concern about a potential incident or worry you might have fallen victim to a phishing attempt, please contact our Information Security team by sending an email describing the incident to abuse@niu.edu and referring to email phishing. The current scams will be updated in our IT Service Portal under "Phishing/Security Events". You will need to log in before you can review it.

Malicious Phone Calls

Bad actors are pretending to be:

  • IT support
  • From your Bank
  • From your Credit Card company
  • From your Insurance Company

None of those resources will make an unsolicited call to you.

They will ask for your account, or personal information, or ask you to verify a PIN, or ask you to go to a website for assistance.

Do not do it, and do not give any information to the caller.

Hang up, and if necessary contact the appropriate resource through normal channels.

  • IT support – IT Service Portal or your local IT support
  • From your Bank – go to your bank’s website and see how to contact them
  • From your Credit Card company – use the phone number on the back of your credit card
  • From your Insurance Company – use the contact information on your insurance card

Email Phishing

Malicious emails about COVID-19 containing malware are also on the rise. These emails spoof health-related organizations and claim to offer cures, vaccines, tests or other opportunities related to COVID-19. If you receive such emails, please do not reply to the email, click any link or open any attachment; just send the email itself as an attachment to abuse@niu.edu.

These emails will falsely claim to be:

  • CDC Alerts – The CDC will not send you an unsolicited alert. The only way to get alerts from the CDC is to go to their official website and subscribe.
  • Health Advice or Healthcare Organizations – These will ask you to click a link or open an attachment to get access to a test, vaccine, a cure or to download/review safety measures. Clicking the link or opening the attachment will either download malware or persuade you to enter personal information.
  • Local Public Safety or Public Health alerts – These will claim you need to click some link to stay safe or register to stay safe or need to open an attachment since you missed an important phone call from them.
  • NIU officials and NIU Departments – These emails will likely say there is an urgent change in policy and you need to click on a link or open an attachment.

Malicious Websites

An astonishing number of new websites using the COVID name have popped up. These are not reputable websites at best, and at worst deliver malware to your computer right through your browser.

Examples of malicious websites (image).

Malicious Mobile Apps

Please beware of all sorts of new COVID mobile apps. A new Android app at a website called “coronavirusapp” is a ransomware locker.

Some other coronavirus apps have been identified as info stealers.

Please only use reputable mobile apps.

What to do if you think you are a victim 

If you responded to a request for a password and/or provided account information to someone inadvertently:

  • Change your password to a dissimilar and better password immediately.
  • Notify the IT Service Desk immediately at servicedesk@niu.edu and abuse@niu.edu.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
  • If you believe your computer has been compromised by malware, please do a Windows Defender Offline scan and contact your IT support. Instructions for doing the scan can be found at the following link.

If you believe your identity may be compromised:

  • Please visit the Federal Trade Commission’s Consumer Information regarding Identity Theft at ftc.gov/ID theft for more information and steps to recover; OR
  • Please contact your local police department; OR You may contact the NIU Department of Police and Public Safety at 815-753-1212 or NIUPD@niu.edu;
  • Contact credit bureaus to freeze your credit.

Security Services at NIU

  • Annual Data Breach Reports:
  • MFA for Applications:
    • it.niu.edu > Request Services > MFA For Application
  • System Vulnerability Scan:
    • it.niu.edu > Request Services > System Vulnerability Scan
  • Vendor Assessments:
    • it.niu.edu > Request Services > Assess Vendor/App Security