Individuals at the University targeted in phishing attacks
July 7, 2014
During the past week, individuals at the University were targets of sophisticated phishing e-mails, according to a massmail from Joe Barnes, interim chief privacy and security officer.
Due to the attack’s sophistication and similar phishing attacks experienced by other Big Ten schools, the University’s Office of Privacy and Information Assurance believes these attacks were meant to gather enough information to access University resources and to potentially change personal information, such as payroll direct deposit information.
The messages appeared to be sent from “UIUC Human Resources” and directed recipients to a fake version of a University of Illinois Enterprise Authentication Login page, but queried users for their PIN as well. The attack elicited user information here, rather than individuals replying to the e-mail with their information.
The massmail advises that web users should check the address bar of the web browser when online, only entering sensitive University information on websites that have illinois.edu or uillinois.edu at the beginning of the address. Any websites that ask for sensitive information will begin with HTTPS.
The Office of Privacy Information Assurance has notified the recipients of the message and is now monitoring affected accounts for suspicious changes in response to this attack. Additionally, both the office and CITES are working on changes to better protect users of the University’s web resources.
The massmail advises anyone who is unsure whether they have received an authentic e-mail or phone call from the University to contact the CITES Help Deck by e-mailing [email protected] or by phone at (217)244-7000.
Phishing e-mails can also be reported to [email protected]