Sent: 2021-12-09
From: EIU
To: Various Recipients
Subject: Targeted Phishing Attempts at EIU
EIU has seen an increasing number of faculty-targeting phishing attempts using already established platforms such as Google Docs and Microsoft SharePoint. Receiving emails from official-looking and recognizable sources makes it difficult to determine if an email is legitimate. Avoid clicking links or downloading attachments you are not expecting. Check with your leadership or coworkers before opening an invite to a service or document. When in doubt, please submit the message to phishing@eiu.edu or from the menu bar in Outlook select “Junk” then “Phishing”.
This year, EIU implemented multifactor authentication and the platform has helped protect EIU employees and data. When asked to verify your login, please continue to be diligent and check the location of the login and react properly. If you are not actively logging in and see the location is not nearby, please deny the login, mark as fraud, change your password at https://password.eiu.edu, and contact ITS.
If you would like to review best practices, please take the short phishing training course located at: Phishing - EIU Phishing Training
Below are recent examples of phishing attempts and the indicators that the email was not legitimate.
- The message was sent from an individual who was not an EIU employee.
- The email carbon copied had a non @eiu.edu email address.
- Names throughout the message change.
- Change in normal process of getting the information and/or not expecting the document.
- Once the link is clicked, the document asks for EIU username/password in a non-standard way. EIU utilizes https://panthermail.eiu.edu/ for most login sessions.
- Look for warnings within the subject such as [SPAM]
< Example Phishing Image Here>
