The Office of Technology Solutions tracks phishing campaigns that are launched against ISU. Phishing campaigns can be 10x, 1000x, or even 10000x emails per campaign depending on the attack. There were 19 phishing campaigns in Fall 2019, that number increased to 28 in Spring 2020, and to 31 during the Fall semester of that year. So far this year (2021) we have seen 46 phishing campaigns target our Redbird family. These numbers are exclusively tracking email attacks, but phishing isn’t exclusive to email anymore. Scammers use text messages, DMs, phone calls, and many other methods to snag your personal information such as your ULID and password. They use various technologies to hide their identities so that no one can easily track down who they are. Below are some common phishing scenarios and tips to keep your information private and your accounts secure. 

Phishing Emails: Scammers create emails that contain links to a fake website that is designed to collect the information that victims enter. The most common tactic is to present a fake ISU login page and trick you into entering your ULID and password. Once they have your account information, they can log in to your email and use bots to send out waves of phishing emails to others on campus. Since the email is now coming from an internal email, people are more likely to take the bait.

Don’t fall for phishing emails …

Never click a CLICK HERE or login link in an email. ISU will never ask you to verify your account via email.
Check for spelling errors or random spaces.
Carefully read the “from:” address. Phishing emails use addresses that are close to a legitimate address such as “illinoisstat.edu.com“ 

VoIP Phone Numbers: These phone numbers are from third-party apps, meaning that scammers can choose any location they want to showcase and make a phone number based on that location. They can also spoof Caller IDs to make their victims believe that they are someone else. These phone numbers are not associated with a specific location, so it is hard to track down where people with VoIP numbers are coming from. They may indicate that there is a problem with your account and say they need to confirm your information for security reasons.

What you can do …

Do not give out or “confirm” personal information (such as social security number, account information, etc.) when someone calls you unprompted.
If you receive a call that has you concerned, don’t call them back.  Instead, follow up by calling an official phone number or through the official website (example: irs.gov) 

Fake job offers: Scammers lure victims in by offering a part-time or work-from-home job opportunity. Typically, this is presented as a personal assistant position for an executive that is traveling regularly. They will send a paper check at first which the victim can scan and deposit in their account. Then they ask for account information to set up direct deposit. They may ask the victim to purchase supplies through their vendor or purchase gift cards as part of their daily responsibilities.

Important Tips

If they have a job overseas, this is a huge red flag that they might be a scammer since they usually use this as an excuse to not see you or video chat with you.
Never give out your banking information.
If someone is randomly contacting you out of the blue on Facebook, Instagram, or Twitter, it usually means that a scammer is on the other side.