Several phishing emails, fake emails attempting to get personal information, have recently been sent to a large number of students at NEIU. The emails pretend to be official NEIU announcements or warnings from University Technology Services (UTS) and ask the recipient to click a link or to provide personal information. They seem more legitimate because they come from genuine NEIU email addresses and do not have the “outside of organization” warning. This is possible because several people with NEIU email addresses have recently had their emails hacked and used to send these phishing emails, according to one of the students whose email was used. The hackers used those email addresses to avoid the “outside of organization” warning that would have made the scam obvious.
UTS was unable to comment to the Independent for security reasons. However, they sent out an email warning students to be wary of common subject lines from the phishing emails. These subject lines typically include:
OPPORTUNITIES FOR PART-TIME EMPLOYMENT
NOTICE TO ALL STUDENTS (HIGHLY RECOMMENDED FOR DUAL ENROLLED STUDENTS)
IMMEDIATE ACTION REQUIRED FROM IT ADMIN
The email also included instructions for students who have already given their information to one of these phishing emails. UTS recommends resetting all passwords and security questions for any potentially compromised accounts as well as monitoring credit cards for odd activity. They also say that students expecting pay from the Free Application for Federal Student Aid (FAFSA) should “check that your banking information has not been changed.”
UTS emphasized that the “IT Service Desk will never request for you to submit sensitive data and/or your full credentials via email, phone or any other medium.” They say that phishing emails use “fear and urgency” to trick students into giving up important information before verifying the identity of the person requesting it.
UTS is already taking steps to prevent further hacks and phishing attacks, including sending out another email announcing the availability of a new Multi-Factor Authentication method. It is available to all students and is meant to add another layer of security for anyone trying to log into an NEIU account. This measure is currently optional, but UTS indicated it would become mandatory on Friday, February 21, 2025.
In the interim, UTS has asked that anyone who believes they have received a phishing email to not respond and instead forward the email to abuse@neiu.edu.