UIC Cyber Guard
Sharing online and email scams encountered by UIC Community
Welcome to UIC Cyber Guard, your go-to source for staying updated on cyber scams targeting UIC! The UIC Information Security and Privacy Office is committed to cybersecurity and encourages the community to be aware of the common scams targeting UIC students.
Shortcuts Heading link
Quote Heading link
UIC Cyber Guard is a great resource to see common online and email scams reported or encountered by the UIC Community. Report and share suspicious emails to security@uic.edu.
Duo 2FA Phishing Heading link
Fraudulent emails, known as phishing, are a common way criminals steal UIC NetIDs and passwords and gain access to your private information and UIC resources. Malicious actors have found ways to trick victims into giving away their two-factor passcode or accepting a Duo prompt.
Stay alert for unexpected and/or multiple Duo prompts.
Beware of unexpected and unsolicited Duo 2FA prompts. If you are unexpectedly prompted to use Duo and deviate from your normal usage, this could be a sign your password has been compromised. You should change your password immediately.
If you receive an unsolicited Duo prompt, change your password immediately.
If you receive an unsolicited Duo prompt, a malicious actor has obtained your credentials. You must immediately change your password to protect your account. Once you change your password, the attacker will be kicked out of your account and no longer able to send you authentication requests. Contact security@uic.edu if this happens to you.
Regularly review and update your Duo 2FA settings.
Once a malicious actor accesses your account, they can modify your 2FA settings to add their own device so you are no longer alerted with prompts. It is critical to regularly review your devices to ensure that only relevant devices and updated numbers are tied to your account at uillinois.edu.
Fake Job Offers From "Professor" Heading link
Criminals posing as a professors or spoofing official-looking UIC emails attempt to trick you into thinking they are legitimate UIC employees. This email was circulating on campus and shows the telltale signs of a scam. Below are a few signs this is a scam:
1.) Sender name and email address does not match
2.) Offers large payment for little work
3.) The attachment will include fake job description, and other false information, and will instruct you to contact them at an alternate email (non-UIC email)
Job Offer From Professor Heading link
Screen shot of fraudulent email from cybercriminal posing as professor.
Fraudulent Vacation & Salary Notifications Heading link
This is a typical phishing scam where the scammer wants the recipient to click the link. Clicking on this link will redirect to a fake webpage where you can enter log-in credentials, or you will be prompted to complete a download of malicious software or files. Below are a few signs this is a scam:
1.) The email address is not a uic.edu email.
2.) The link redirects to a fake site.
3.) Provide fast deadlines or express a sense of urgency.
4.) The email and website listed in the signature are invalid.
Free Items & Giveaways Scams Heading link
Criminals will pose as faculty or students claiming to be moving or downsizing and offer furniture, equipment, or other valuable items for free. Although the item is “free”, the individual will require and request a delivery or transportation fee for you to receive the item.
This email is an example of an individual claiming they are “giving away” a 2014 Steinway grand piano, an item worth over $10,000 USD. However, to receive the “free piano”, you will be asked to send money for “delivery fees”. You will never receive the item and may also lose the money you send!
1.) The email claims they are giving away a valuable item due to moving, a death in the family, or some other made-up reason.
2.) The sender will require you to pay a delivery or shipping fee via wire or bank transfer in order for you to receive the “free” item.
Remember, if it sounds too good to be true, it probably is.
Fake Microsoft Deactivation Heading link
If you receive an email to your inbox claiming your Microsoft account is being deleted, do not be alarmed! This is a common scam. Criminals want you to click on the link in the email, which will take you to a fake website. They want you to enter your login credentials to steal them!
