Information Security
Phishing
Ongoing Active Threats
12/9/2022 -
5 Top Scams to Watch Out for This Holiday Season
Here is an interesting article that was provided by NIU’s Information Security training vendor, KnowBe4, regarding scams to watch out for this holiday season.
"The holiday season is a time when people are especially vulnerable to scams. This is because they are busy and often have their guard down. Criminals take advantage of this by circulating fake e-gift cards, posing as charities, targeting specific demographics, and so on. In this 3-min article, we will discuss Google's five most popular scams being circulated this holiday season. So, if you want to be aware of the social engineering dangers lurking online, then keep reading!
1) E-gift card scams:
2) Charities
3) Demographic Targeting
4) Subscription renewals
5) Crypto scams
With the holiday season in full swing, so are gift card and prize scams. These scammers will often lie about being a known contact of yours to try and get you to buy them a gift card, or they may offer an amazing prize in exchange for your credit card information. If you receive any suspicious emails like this from someone claiming to be your friend, make sure to confirm it with them through another method before doing anything further. And as always, if something seems too good to be true, it probably is.
Be wary of scammers and phishing attempts; they actually worsen during the holiday season. This would not only hurt those who fall for the scams, but also charities that could've benefited from donations. For example, an attacker may pretend to be associated with a charity related to current events or one with a familiar name. If someone contacts you asking for money via personal email or another method, beware that it might be fraudulent.
With more people shopping online and sharing personal information this holiday season, scammers are taking advantage by targeting consumers with fraud that seems more realistic. For example, you might get an email from what looks like your child's school PTA about a holiday fundraiser.
But if you click on the link in the email, it could take you to a fake website where you're asked to enter sensitive information like your credit card number or Social Security Number. These types of scams can be difficult to identify because they seem so personalized. But if you're aware of potential threats and know what to look for, you can help protect yourself against them.
Scammers love to target people at the end of the year, and one particularly nasty version of these emails spoofs antivirus services. They lure victims with promises of improved security, but if you take a closer look at the sender’s email address, you can usually spot these scams pretty easily.
Cryptocurrency-based scammers are more prevalent during times of high crypto usage, like now. They often use a cryptocurrency wallet to collect payment and may threaten their victim if they don't receive the funds. Gmail usually sends a warning about these kinds of emails, but it's helpful to know how to spot them on your own too. Some key things to look out for that signal fraud include typos, strange email addresses, and demands for payment.
By being aware of these five popular scams circulating this holiday season, you can protect yourself and your loved ones from potential fraud."
11/22/2022 -
Aggressive Phishing Scams Targeting NIU Students
There is a recent rash of aggressive phishing campaigns, targeting NIU students, which are resulting in an increased number of hacked student email accounts.
Phishing attacks involve the sending of fraudulent email messages that often appear to be coming from a reputable source. The goal of these messages is for hackers to gain access to the student account and use that account to do more hacking and phishing.
What does this recent scam look like? What is it asking me to do?Here is one example of a phishing message that came from an external link to NIU student email accounts:
“We discovered you got dual enrollment with two universities’ portals. Provide the two portal logins to avoid termination. We will process your termination request shortly; You will lose all your emails associated with your NIU Login account
If you have only one college account, fill in the correct user and passcode and submit. But if you are in a dual credit college, Pls fill in the correct username and password for both school and submit
Copy and paste the URL Below into the address bar of your web browser to cancel the request”
There was an external link provided and if a student clicked on this link, it redirected them to a Google Drive form and asked the student to sign in to submit the form. Once the student signed in, the hacker had their login information, and their account was compromised. The hackers have now gained access to the student account and can use this account to do more hacking and phishing.
Increased security for your NIU Student accountTo protect student accounts, NIU is increasing the risk sensitivity of login security policies which may result in increased MFA challenges or blocked access to your account. This additional protection will only trigger when risky or unknown logins occurs.
In some rare cases, where a student email account is considered as compromised, the account will be blocked, and students should contact the NIU Service Desk (email ServiceDesk@niu.edu or call 815-753-8100) to resolve their account situation and reset their password.
How can students protect themselves?- We strongly recommend using the Microsoft Authenticator app for MFA instead of SMS texting codes or phone calls for authentication. More information on using the app can be found at: https://www.niu.edu/doit/security/multifactor-authentication.shtml under the Frequently Asked Questions area.
- Never approve an MFA message that you are unsure about. If you are not attempting to login, you should deny the MFA message, reset your password and report it immediately.
- Become more aware of how phishing works by reviewing “The Phishing Scam Artist” on the NIU Information Security website: https://www.niu.edu/doit/security/index.shtml.
Phishers attempt to trick you into clicking on a link and providing them with your personal information. They could be after your money, identity and control of your device. Phishers also try to create urgency around a situation. Be careful of suspicious links, attachments and make sure that the logo and format of the email is as you would expect from a trusted institution.
11/11/2022 -
The FBI and FTC have released warnings about potential scams targeting individuals attempting to enroll in the newly announced Federal Student Aid Relief Plan. Please note that the courts have issued orders blocking the program, so currently applications are not being accepted. Please monitor the official site for the latest status of the program: https://studentaid.gov/.
Scammers may be looking to steal personal and financial information, or program payments from potential victims through multiple schemes, including:
- fraudulent websites that mimic the application form,
- phone scams,
- phishing emails,
- SMS (text messages), and
- other online chat services.
What you should know
Only apply at the official Federal Student Load Debt Relief site: https://studentaid.gov/. Applying for the program is free of charge. Any requests to pay for enrolling in the program or for processing the application indicate fraud.
When you apply, the application WILL ask for your name, birth date, Social Security number, phone number and address. The application process DOES NOT require you to provide bank account or credit card information, log into any accounts or upload any documents during the initial phase of the application.
The US government will not send notices to advertise the program, so any emails, phone calls, SMS messages you receive pointing to applications will be fraudulent.
When using Google to find out more about this program, beware of ads for services that charge fees, impersonate government agencies, or try to gain personal information.
Tips to Protect Yourself
Do not open links from suspicious email addresses. During later stages of the application process, requests for additional information will only come from the following email addresses:
- noreply@studentaid.gov
- noreply@debtrelief.studentaid.gov
- gov@public.govdelivery.com.
Exercise caution when entering any personally identifiable or financial information on websites, or when downloading images or files from an unknown or unsolicited email. Check for spelling or grammatical errors on the website or in an email received.
What to do if you are a victim
If you find yourself a victim of an internet scam, please refer to the FBI PSA Potential Fraud Schemes Targeting Individuals Seeking Federal Student Loan Forgiveness site, and scroll down to the bottom of the notice for actions you can follow.
You can also report the scam at the following FTC site: ReportFraud.ftc.gov.
The Phishing Scam Artist
What is phishing?
- Phishing is a form of cyber-attack where the attacker ‘mimics’ another person, university or business with the hopes of tricking the user into clicking a link and/or providing their personal information.
What do they want?
- Money! Or worse - your identity!
- Oftentimes the attacker is looking for personal information – social security number, username and password, or banking information – in order to gain access to your account(s).
- Control!
- Other times the attacker is attempting to infect or take control of your device.
What’s in their ‘bag of phishing tricks?
Does phishing sound scary? It can be. The best defense is being informed and knowing how to avoid becoming a victim to a phishing email. Attackers have quite the array of ‘tricks’ they use to trap a user such as:
- URGENCY! Telling you this needs immediate attention, or ELSE!
- Suspicious links
- Attachments
- Using the same logo/format as an email you’d expect to see from an otherwise established institution to gain your trust
How to protect yourself
Be critical of the email and assess who it’s from and the reason behind it. Is the email asking for your credentials? Are they trying to get you to open an attachment? Click on a link? Sometimes it is smart to call the organization or check the organization’s website to verify if they are sending emails of this nature out to their users/customers.
- Do NOT:
- Keep any detailed personal or family information in your stored emails.
- Maintain any personally identifying information such as driver’s license, SSN, passwords, credit card numbers or date of birth in your emails.
- Write your passwords down, share or email your passwords to anyone or use commonly constructed passwords (pet names, family names, SSN, etc.).
- Walk away from your computer while still logged into your email without locking your screen.
- Use your date of birth or easily obtained information for passwords or password reset questions.
- Do:
- Safeguard your passwords and information.
- Always lock your computer and/or device.
- Report any suspicious emails to abuse@niu.edu.
- Use common sense and a critical eye when reviewing emails.
- Always log in with a trusted URL.
- Verify the link sent in an email by 'hovering' over to see its true destination.
- Verify the sender of the email by 'hovering' over their name to see what email address was used.
Oh NO! I just answered that phishing email; what do I do now?
If you responded to a request for a password and/or provided account information to someone inadvertently:
- Change your password to a dissimilar and better password immediately.
- Notify the IT Service Desk immediately at 815-753-8100.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
- If you believe your identity may be compromised:
- Please visit the FTC’s Consumer Information regarding Identity Theft for more information and steps to recover.
- Please contact your local police department.
- You may contact the NIU Department of Police and Public Safety at 815-753-1212 or NIUPD@niu.edu;
- Contact credit bureaus to freeze your credit.
More Information
- Junk Mail Settings
- Avoiding Social Engineering and Phishing Attacks
- How to Recognize and Avoid Phishing Scams
- Protecting Your Privacy
- Multi-Factor Authentication Project (2017)
- INFOSEC Awareness Training (A Cry For Help)
- Internet Safety for Students by Oliver Schinkten
Report it!
If you receive a phishing e-mail, forward it as an attachment to abuse@niu.edu.
COVID-19 Scams
August 22, 2021: Please be aware that COVID-19 scams and disinformation continues to be rampant. These scams target individuals for personal and financial information, and disinformation campaigns target organizations to cause dissidence and create favorable conditions for further attacks. https://oig.hhs.gov/fraud/consumer-alerts/fraud-alert-covid-19-scams/
Protect Yourself
-
- Do not buy fake vaccine cards, do not make your own vaccine cards, and do not fill-in blank vaccination record cards with false information.
- Offers to purchase COVID-19 vaccination cards are scams.
- Be cautious of COVID-19 survey scams. Do not give your personal, medical, or financial information to anyone claiming to offer money or gifts in exchange for your participation in a COVID-19 vaccine survey.
- Photos of COVID-19 vaccination cards should not be shared on social media.
- Do not respond to, or open hyperlinks in, text messages about COVID-19 from unknown individuals.
- Ignore offers or advertisements for COVID-19 testing or treatments on social media sites. If you make an appointment for a COVID-19 test online, make sure the location is an official testing site.
- Do not give your personal or financial information to anyone claiming to offer grants related to COVID-19.
- Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate contact tracers will never ask for your Medicare number, financial information, or attempt to set up a COVID-19 test for you and collect payment information for the test.
If You Make or Buy a Fake COVID-19 Vaccination Record Card, You Endanger Yourself and Those Around You, and You Are Breaking the Law https://www.ic3.gov/media/y2021/psa210330
June 2, 2021: Hackers Exploit Post-COVID Return to Offices | Threatpost
April 22, 2020: The FBI has release a public service announcement, Online Extortion Scams Increasing During The Covid-19 Crisis, through the Internet Crime Center.
NIU students and employees, if you feel you have been a victim please contact NIU Police at 815-753-1212.
April 8, 2020: Please review current guidance from the US Department of Homeland Security.
Due to the global COVID-19 pandemic, the number and manner of scams is increasing sharply. If you have any concern about a potential incident or worry you might have fallen victim to a phishing attempt, please contact our Information Security team by sending an email describing the incident to abuse@niu.edu and refer to email phishing. The current scams will be updated in our IT Service Portal under "Phishing/Security Events". You will need to login before you can review it.
Malicious Phone Calls
Bad actors are pretending to be:
- IT support
- From your Bank
- From your Credit Card company
- From your Insurance Company
None of those resources will make an unsolicited call to you.
They will ask for your account, or personal information, or ask you to verify a PIN, or ask you to go to a website for assistance.
Do not do it, and do not give any information to the caller.
Hang-up, and if necessary contact the appropriate resource through normal channels.
- IT support – IT Service Portal or your local IT support
- From your Bank – go to your bank’s website and see how to contact them
- From your Credit Card company – use the phone number on the back of your credit card
- From your Insurance Company – use the contact information on your insurance card
Email Phishing
Malicious emails about COVID-19 containing malware are also on the rise. These emails are spoofing health related organizations and claim to offer cures, vaccines, tests or other opportunities related to COVID-19. If you receive such emails, Please do not reply to the email or click any link or open any attachment, and just send the email itself as an attachment to abuse@niu.edu.
These emails will falsely claim to be:
- CDC Alerts – The CDC will not send you an unsolicited alert. The only way to get alerts from the CDC is to go to their official website and subscribe.
- Health Advice or Healthcare Organizations – These will ask you to click a link or open an attachment to get access to a test, vaccine, a cure or to download/review safety measures. Clicking the link or opening the attachment will either download malware or persuade you to enter personal information.
- Local Public Safety or Public Health alerts – These will claim you need to click some link to stay safe or register to stay safe or need to open an attachment since you missed an important phone call from them.
- NIU officials and NIU Departments – These emails will likely say there is an urgent change in policy and you need to click on a link or open an attachment.
Malicious Websites
An astonishing number of new websites using the COVID name have popped up. These are not reputable websites at best, and at worst deliver malware to your computer right through your browser.
Malicious Mobile Apps
Please beware of all sorts of new COVID mobile apps. A new Android app at a website called “coronavirusapp” is a ransomware locker.
Some other coronavirus apps have been identified as info stealers
Please only use reputable mobile apps.
What to do if you think you are a victim
If you responded to a request for a password and/or provided account information to someone inadvertently:
- Change your password to a dissimilar and better password immediately.
- Notify the IT Service Desk immediately at servicedesk@niu.edu, and abuse@niu.edu
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.
- If you believe your computer has been compromised by malware please do a windows defender offline scan and contact your IT support. Instructions for doing the scan can be found at the following link.
If you believe your identity may be compromised
- Please visit the Federal Trade Commission’s Consumer Information regarding Identity Theft at ftc.gov/ID theft for more information and steps to recover; OR
- Please contact your local police department; OR You may contact the NIU Department of Police and Public Safety at 815-753-1212 or NIUPD@niu.edu;
- Contact credit bureaus to freeze your credit.
Security Awareness
Security Services at NIU
- Annual Data Breach Reports:
- 2018
- 2019
- MFA for Applications:
- it.niu.edu Request Services MFA For Application
- System Vulnerability Scan:
- it.niu.edu Request Services System Vulnerability Scan
- Vendor Assessments:
- it.niu.edu Request Services Assess Vendor/App Security
Information Technology Policies, Standards and Guidelines
Policies
- For Information Technology Policies, visit the NIU Policy Library and the University Business Procedure Directory for Information Technology.
Guidelines
- Account and Password Guidelines
- Copyright and File Sharing
- Data Classification Guidelines and Procedures
- Employee Account Data Availability Guidelines
- Encrypting Restricted Data
- Information Security Awareness Training
- Information Security Guidelines for Travel
- Minimum Security Guidelines for NIU Owned Devices
- Protecting Restricted Data
- Smartphone Security
- Surplus Electronic Data Processing Equipment with Hard Drives
- Work From Home and Personal Device Security Guidelines
Standards and Rules
Contact Us
Division of Information Technology815-753-8100
ServiceDesk@niu.edu