Phishing scam puts University faculty research at risk

The+Quad+on+a+sunny+day+at+the+University+of+Illinois+at+Urbana-Champaign.

Angela Kerndl

The Quad on a sunny day at the University of Illinois at Urbana-Champaign.

By Lilly Mashayek

University Technology Services is warning faculty about an email phishing scam asking them to enter their Network IDs and passwords into a fake University webpage.

Email phishing scams send emails that bait the victim into entering their information into a fraudulent webpage, according to Microsoft’s Safety and Security Center. Once someone enters information, the scammers can use it to steal money or other information.

“We were made aware of the phishing attack on the same day that it happened,” said Brian Mertz, chief communications officer for Technology Services.

After being notified, Technology Services began blocking the attacks when possible. As others persisted in various forms, they began alerting faculty.

Since phishing scams typically reach a large number of people, Mertz said the scammers often do not take the time to make the fake webpages look convincing. One positive side effect is this can make it really obvious that a scam is taking place.

“They hope that people will blindly enter information,” he said.

However in this case, Mertz said the scam specifically targeted faculty at the University, prompting the scammers to make the login page look more convincing.

“The only thing in this case that tipped people off to the site being fake was the URL,” he said. “Instead of the website having an “illinois.edu” address, the address was “illinois.edue.in.”

University Police spokesperson Pat Wade also said that checking the URL is a good way to verify a webpage’s authenticity.

“You really want to educate yourself on these kinds of attacks because they’re going to keep happening,” Wade said. “This is just one of them; this one will go away and something new will replace it.”  

Mertz said there are a number of different motives for why the scammers are trying to steal faculty Network IDs.

“(The IDs) can be used for any number of things, including launching other spam and phishing attacks from that person’s email, or more nefarious things like changing their direct deposit information to steal a paycheck,” he said.

However, Mertz said the information the scammers steal could also potentially affect faculty members’ research.

“That is a concern for us because not only does that research data have value. But if a researcher’s data was compromised, that can put their grant funding at risk,” he said.

Technology Services is often able to identify phishing attacks quickly due to a series of monitors and safeguards, Mertz said. They also receive reports from people who receive the scam and from the IT staff around campus.

University Police Lt. Joan Fiesta said it is important for people to report these scams to police.

“If somebody has given money (or) given up any personal identification, we want them to report it,” she said. “We have seen a few of those come through after it’s been too late.”

Even if the scams do no harm, Fiesta said it is still important for people to report them. She said reporting scams can potentially help in aiding future investigations.

[email protected]