Campus Community,

Please be aware that there are a number of simultaneous sophisticated phishing attacks targeting email accounts across the University. They come in the form of emails designed to appear as legitimate campus communications.

Recent phishing attacks of this type have included spoofs of emails such as ILLINI ALERTS or messages about Two-Factor Authentication. Any time a broadly disseminated legitimate message such as 2FA is sent, attackers often mimic them as well.

In addition to the tools that Technology Services Privacy and Security uses to mitigate and monitor for phishing campaigns, you are a key part of preventing account and computer compromises. There is much you as an individual can and should do to protect your account and thus your personal and University data.

Be vigilant.

• Many attacks mimic legitimate, relevant campus communications. The University of Illinois will never ask you to reply to an email with your password or to update account information through email.

Know before you click.

• Check the hyperlink targets and attachments in email before clicking. Legitimate Illinois website addresses begin with illinois.edu or uillinois.edu. Only enter your NetID and password into pages with legitimate Illinois addresses.
• Any website that is asking for sensitive information should begin with HTTPS.

Recognize and report.

• If you are unsure whether an email or phone call is from the University of Illinois, please contact the Help Desk by emailing consult@illinois.edu or by phone at 217-244-7000. When in doubt, please contact the Help Desk.
• If you receive a phishing email claiming to be from the University of Illinois you may simply delete it. However, reporting the email can help the University to improve our mitigation strategies and reduce the number of account compromises. To report an email as spam simply forward the email in question to report-spam@illinois.edu.

The University will continue to actively monitor and react to phishing attacks. Your partnership is key to reducing the number of successful “phishes”. For more information about phishing and how to spot it please visit https://answers.uillinois.edu/illinois/page.php?id=48243.

Sincerely,

Charles Geigner

Assistant Director of Privacy & IT Security Infrastructure Privacy and Information Security Technology Services at Illinois University of Illinois at Urbana-Champaign
(217) 300-7182

cc: Joe Barnes, Chief Privacy & Security Officer