Official University Emails
Unsure if that email you got is legit? Use this site as a source of known EIU emails for official communications.
Sent: 2026-02-24
From: EIU
To: Various Recipients
From: EIU
To: Various Recipients
Subject: EIU Phishing Simulation Results - Spring 2026
Dear EIU Team,
Late last week, EIU conducted a phishing simulation for all employees featuring an “IMPORTANT TAX RETURN DOCUMENT AVAILABLE” prompt. This exercise mirrored a tactic recently seen in an actual attack. Of the 1,119 participants, 36 employees (3.22%) entered their EIU username and password—an improvement from the 12.96% who did so during a similar simulation in FA 2024. These results show meaningful progress in identifying threats and avoiding credential compromise.
However, nearly 6% of users clicked the link—an action that, in real phishing attacks, can be enough for an attacker to gain access to devices or accounts. Additionally, the percentage of employees who reported the simulated phishing message declined from 35.6% to 27.5%. To report phishing attempts, please use the “Phishing” button in Outlook or forward suspicious messages to phishing@eiu.edu.
Safeguarding every EIU account is essential to our university’s security, regardless of individual roles. Attackers often start by targeting non-privileged accounts to gain an initial foothold, eventually moving through internal systems toward more secure areas. Phishing attempts are responsible for initiating 91% of ransomware attacks, underscoring the importance of robust security practices.
The recent simulated email included multiple indicators of phishing:
1. The sender’s email address is not one you communicate with on a regular basis and is not listed on EIU's email verification page: https://www.eiu.edu/panthertech/email_verification.php
2. Internal Revenue Service was misspelled.
3. The URL provided in the email was unfamiliar and not linked to Microsoft or EIU.
EIU will continue to conduct phishing simulations and share the results with the campus community. It’s crucial to remain vigilant, take time to verify email content, and promptly report any suspicious emails. You can use the "Phishing" button in Outlook or forward suspicious emails to phishing@eiu.edu. Please also monitor MFA requests and decline any push notifications that you did not initiate or that appear unusual; report any such activity to info-sec@eiu.edu.
Thank you for your attention to this important matter.
RYAN GIBSON | CIO
rwgibson@eiu.edu | 217-581-1904
EASTERN ILLINOIS UNIVERSITY
Information Technology Services
600 Lincoln Ave. | 4312 Student Services Building
Charleston, IL 61920
www.eiu.edu/pantherte
Late last week, EIU conducted a phishing simulation for all employees featuring an “IMPORTANT TAX RETURN DOCUMENT AVAILABLE” prompt. This exercise mirrored a tactic recently seen in an actual attack. Of the 1,119 participants, 36 employees (3.22%) entered their EIU username and password—an improvement from the 12.96% who did so during a similar simulation in FA 2024. These results show meaningful progress in identifying threats and avoiding credential compromise.
However, nearly 6% of users clicked the link—an action that, in real phishing attacks, can be enough for an attacker to gain access to devices or accounts. Additionally, the percentage of employees who reported the simulated phishing message declined from 35.6% to 27.5%. To report phishing attempts, please use the “Phishing” button in Outlook or forward suspicious messages to phishing@eiu.edu.
Safeguarding every EIU account is essential to our university’s security, regardless of individual roles. Attackers often start by targeting non-privileged accounts to gain an initial foothold, eventually moving through internal systems toward more secure areas. Phishing attempts are responsible for initiating 91% of ransomware attacks, underscoring the importance of robust security practices.
The recent simulated email included multiple indicators of phishing:
1. The sender’s email address is not one you communicate with on a regular basis and is not listed on EIU's email verification page: https://www.eiu.edu/panthertech/email_verification.php
2. Internal Revenue Service was misspelled.
3. The URL provided in the email was unfamiliar and not linked to Microsoft or EIU.
EIU will continue to conduct phishing simulations and share the results with the campus community. It’s crucial to remain vigilant, take time to verify email content, and promptly report any suspicious emails. You can use the "Phishing" button in Outlook or forward suspicious emails to phishing@eiu.edu. Please also monitor MFA requests and decline any push notifications that you did not initiate or that appear unusual; report any such activity to info-sec@eiu.edu.
Thank you for your attention to this important matter.
RYAN GIBSON | CIO
rwgibson@eiu.edu | 217-581-1904
EASTERN ILLINOIS UNIVERSITY
Information Technology Services
600 Lincoln Ave. | 4312 Student Services Building
Charleston, IL 61920
www.eiu.edu/pantherte