2022 Cybersecurity Awareness Month: Common scams targeting UIC faculty and staff

Through password dumps or phishing, cybercriminals will use your leaked credentials to send repeated Duo 2FA prompts with the hopes to annoy or trick you into accepting the request.  If you receive unsolicited Duo 2FA authentication requests, DO NOT authenticate them.

• Never approve a Duo 2FA request you did not initiate.
  A Duo 2FA prompt will ONLY occur if you are trying to log into a university system, application, or service at that moment.
• Change your password immediately.
  If you receive a Duo 2FA push notification you did not initiate, change your password immediately at identity.uillinois.edu and contact security@uic.edu with the details.

Phishing emails are a type of email scam where an attacker impersonates a person, company, brand, organization, or other entity with the goal to get you to click on a link or open a file attachment. These emails can appear authentic and can fool almost anyone.

The links and attachments in phishing emails have one goal: to steal information. Links will take you to a landing page encouraging you to sign in using your login credentials. Opening malicious file attachments can install malware to your computer that is meant to record your keyboard activity and steal data. Common phishing scams include:

• Password Notifications – Emails claiming you requested a password change and to log in immediately to cancel the request.
• Voicemail Messages – Scammers try to trick you into opening an audio attachment or logging into a fake website claiming you have an urgent voicemail.
• Shipping notifications – Be aware of emails impersonating shipping companies with fake delivery notifications or shipping status alerts.
• Receipts & invoices – Scammers posing as popular online retailers, such as Amazon, send emails with a fake receipt or invoice attachment.
• Gift card & prize scams – If you receive an email that you won a gift card, be very careful especially if you do not remember entering a contest. The scammers will state you need to pay a “processing fee” via bank transfer before getting the “prize money” deposited to your bank account.

If you receive an email from a UIC Chancellor, Provost or other UIC employee asking for an urgent favor or help with purchasing a gift card on their behalf, you’ve been targeted by a common scam. Using spoofing technology, scammers can mimic “@uic.edu” emails and will send emails to UIC employees asking for a favor. Do not be fooled and learn what to look for:

•  Scammers will pose as university leaders
  Scammers will use “spoofing” technology to mimic a UIC email and pose as a fellow student, instructor, university employee, or other member of the UIC community. Gift card scam emails will usually be from a university leader that you probably do not work with. Scammers will find the names of university leaders online and will pose as them to get you to fall for the scam.
• Scammers will ask for a “favor” to purchase a gift card
  They will ask for a “favor” and request that you purchase a gift card on their behalf and (i.e., “I’m in a meeting right now and need some help. Will you purchase this gift card for me?”). They promise that you will be reimbursed for the purchase and then will ask you to send the gift card number and pin.
• Scam messages use urgent language
  These scammers are hoping to catch you off guard and rush you into acting quickly. They will not be available to speak on the phone and may ask you to contact them using a non “uic.edu” email address.
• Scam messages are written poorly
  The emails are usually full of typos, not written in professional language and use very casual greetings or closing words.

The Biden Administration recently announced a student loan forgiveness program, and scammers are on the prowl. Beware of student loan forgiveness scams. Scammers will send emails, text messages or call you directly impersonating a Department of Education employee, government agency, or a loan forgiveness program representative and will try to scam you out of money. Learn how to identify a student loan scam.

• Don’t pay any fees
  Student loan forgiveness programs are free! There are no fees to participate in loan forgiveness programs. If someone says you have to pay a fee, this is an immediate red flag and is a scam.
• Don’t sign up for quick loan forgiveness programs
  There is no organization or individual that can expedite your loan forgiveness faster than the Department of Education. If you receive a message like this, it is a scam!
• Don’t be rushed or hassled into making a decisions
  Scammers will prompt you to “act quickly” and say things like “this offer won’t last long” and use other urgent language. Their goal is to rush you into signing up quickly before you can realize you are being scammed.
• Don’t give out your student federal loan ID or any personal information
  Never share your federal loan ID, or other private information including login credentials, banking information, home address or social security number with unknown individual.

• Approved Duo 2FA Phishing
  If you approved a Duo 2FA notification you did not initiate, change your password immediately at identity.uillinois.edu and contact security@uic.edu with the details.
• Purchased Bitcoin or Giftcard
  If you receive phishing/scam emails or calls and purchased gift cards or Bitcoin, please contact UIC Police for assistance at police.uic.edu.
• Victim of a phishing email
  If you receive phishing/scam emails or calls and have given or entered your NetID and password or other personal information, please immediately change your password at identity.uillinois.edu and contact security@uic.edu with the details.
  

University policy requires all faculty and staff to complete information security awareness training biennially. Technology Solutions Security Team will be administering mandatory comprehensive security training in October 2022. Security awareness training will be conducted by KnowBe4, a leader in security awareness training.

Each year, Technology Solutions runs a student Cyber Security Awareness campaign. This year, we are making staying safe online fun for students with a weekly email with valuable tips, best practices, and a chance to win a prize! Access week one and two below: