1/26/2022 -
Tax Scam Emails Are Alive and Well as US Tax Season Starts
12/14/2021 -
'Omicron Strain' Now a Topic Hackers are Using to Send Malicious Files to US Universities
12/7/2021 -
University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes
Convincing Microsoft Phishing Uses Fake Office 365 Spam Alerts -
A persuasive and ongoing series of phishing attacks is using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.
11/5/2021 -
Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents
Phishing Emails Deliver Spooky Zombie-Themed MirCop Ransomware Through Google Drive
10/27/2021 -
Scammers Are Emailing Waves Of Unsolicited QR Codes, Aiming To Steal Microsoft Users' Passwords
Phishing Attack Exploits Craigslist And Microsoft OneDrive
10/20/2021 -
Please be aware of these currently prevalent phishing threats:
For more information: October Consumer Cyber Safety Pulse Report – From Norton Labs | NortonLifeLock Blogs
8/22/2021 -
All returning students, faculty and staff need to be aware of these three phishing campaigns for the start of the Fall 2021 semester. Please continue to report all phishing attempts to abuse@niu.edu
7/15/2021 -
Please be aware of ongoing Gift Card Scams. These phishing scams typically impersonate VPs, Directors, Deans and Chairs to leverage authority and urgency and actively engage the victim in a short text or email conversation. That conversation leads to a request to purchase gift cards and send the attacker the activation codes. The initial email is very short and is usually not detected by anti-phishing software. Common examples include:
Subject: URGENT REQUEST
Subject: Quick question
Subject: URGENT: What number can I text you at?
6/24/2021 -
Microsoft Tracks New BazaCall Malware Campaign
Microsoft Security Intelligence is tracking an active BazaCall malware campaign that leads to ransomware deployment, officials reported in a Twitter thread yesterday.
The BazaCall campaigns use emails that instruct recipients to call a number to cancel their supposed subscription to a service. When victims call the number, they reach a fraudulent call center operated by attackers who tell them to visit a website and download an Excel file in order to cancel the service. This file contains a malicious macro that downloads the payload.
6/22/2021 -
Phishing Attack Abuses Google Drive and Docs
3/30/2021 -
Scammers target universities in ongoing IRS phishing attacks.
IRS warns university students and staff of impersonation email scam.
3/17/2021 -
FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in at least 12 U.S. states. The unidentified cyber actors have specifically targeted higher education, K-12 schools and seminaries. Attacks include phishing and network compromises of vulnerable internet-facing services.
We have seen an uptick in malware detection and phish activity against NIU. All students, faculty and staff must use utmost caution when handling email. Treat all email as if it is potentially malicious and report all phish to abuse@niu.edu
CISA-FBI Joint Advisory on TrickBot Malware
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals is using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities.
Does phishing sound scary? It can be. The best defense is being informed and knowing how to avoid becoming a victim of a phishing email. Attackers have quite the array of ‘tricks’ they use to trap a user such as:
Be critical of the email and assess who it’s from and the reason behind it. Is the email asking for your credentials? Are they trying to get you to open an attachment? Click on a link? Sometimes it is smart to call the organization or check the organization’s website to verify if they are sending emails of this nature out to their users/customers.
Oh NO! I just answered that phishing email; what do I do now?
If you responded to a request for a password and/or provided account information to someone inadvertently:
November 12, 2020
Multiple Ransomware Threats
Phishing emails that contain links to external documents containing malware and ransomware are typically delivered by commercial mass email delivery services such as Google. Spoofed email addresses may also be used.
Email received by a victim will contain a link to an actor-controlled Google Drive document or other free online file hosting solutions such as Box, Dropbox, or even OneDrive. This document, usually a PDF, references a failure to create a preview of the document and contains a link to a URL hosting a malware payload in the form of a misnamed or multiple-extension file. Emails can appear as routine, legitimate business correspondence about customer complaints, hiring decisions, or other important tasks that require the attention of the recipient and may include the recipient's name or employer name in the subject line and/or email body.
Below are some of the identified file names to install the ransomware:
For more details please review the Cybersecurity and Infrastructure Security Agency website.
October 19, 2020
EMOTET ransomware spam:
The EMOTET ransomware actors launched a new massive attack campaign on October 14, 2020 and began blasting out malicious spam worldwide. These spam campaigns pretend to be invoices, shipping information, COVID-19 information, information about President Trump's health, resumes or purchase orders, to name a few. This campaign will even pretend to be a Microsoft Windows update!
If you receive an unexpected email such as described above:
For more information please review this article about Emotet malware's attachment.
August 24, 2020:
Zoom Scam:
Please review this article about the Zoom phishing scam. This has been on campus already, and is expected to both continue and be more effective now that we have Zoom.
Tech Support Scam:
This has been on campus already. The scam comes from phone calls or web pop-ups that invite users to “fix” their account or computer by connecting to an application that allows the attacker access to their computer. The scammer then gains control of their computer, locks them out or encrypts their files, and extorts money to return access to the victim.
If you receive a phishing e-mail, forward it as an attachment to abuse@niu.edu.
August 22, 2021: Please be aware that COVID-19 scams and disinformation continue to be rampant. These scams target individuals for personal and financial information, and disinformation campaigns target organizations to cause dissidence and create favorable conditions for further attacks. https://oig.hhs.gov/fraud/consumer-alerts/fraud-alert-covid-19-scams/
Protect Yourself
If You Make or Buy a Fake COVID-19 Vaccination Record Card, You Endanger Yourself and Those Around You, and You Are Breaking the Law https://www.ic3.gov/media/y2021/psa210330
June 2, 2021: Hackers Exploit Post-COVID Return to Offices | Threatpost
April 22, 2020: The FBI has released a public service announcement, Online Extortion Scams Increasing During The Covid-19 Crisis, through the Internet Crime Center.
NIU students and employees, if you feel you have been a victim please contact NIU Police at 815-753-1212.
April 8, 2020: Please review current guidance from the US Department of Homeland Security.
Due to the global COVID-19 pandemic, the number and manner of scams are increasing sharply. If you have any concern about a potential incident or worry you might have fallen victim to a phishing attempt, please contact our Information Security team by sending an email describing the incident to abuse@niu.edu and refer to email phishing. The current scams will be updated in our IT Service Portal under "Phishing/Security Events". You will need to log in before you can review it.
Bad actors are pretending to be:
None of those resources will make an unsolicited call to you.
They will ask for your account, or personal information, or ask you to verify a PIN, or ask you to go to a website for assistance.
Do not do it, and do not give any information to the caller.
Hang up, and if necessary contact the appropriate resource through normal channels.
Malicious emails about COVID-19 containing malware are also on the rise. These emails are spoofing health-related organizations and claim to offer cures, vaccines, tests or other opportunities related to COVID-19. If you receive such emails, please do not reply to the email, click any link or open any attachment; just send the email itself as an attachment to abuse@niu.edu.
These emails will falsely claim to be:
An astonishing number of new websites using the COVID name have popped up. These are not reputable websites at best, and at worst deliver malware to your computer right through your browser.
Please beware of all sorts of new COVID mobile apps. A new Android app at a website called “coronavirusapp” is a ransomware locker.
Some other coronavirus apps have been identified as info stealers.
Please only use reputable mobile apps.