Beware of Cyber Security Attacks targeting UIC Students, Faculty & Staff!
Cyber Security Attacks at UIC
The UIC Information Security and Privacy Office has received many reports of email and telephone scams targeting UIC’s community of local and international faculty, students, and staff. These attacks may be financially motivated, targeting access to your valuable university data, or seeking to steal credentials to leverage them for further attacks.
If you receive such a message, DO NOT RESPOND, and always be careful to only enter your credentials on authorized university web pages. If you click on a link and believe you have entered your password on a fake site, change your password immediately at identity.uillinois.edu. Then, contact firstname.lastname@example.org with the details so that we can check on activity to see if your account has been accessed and/or compromised.
Attacks Directed at Faculty & Staff
Attacks on UIC faculty and staff typically involve email pretending to be from university leaders, deans, directors, or department heads. The emails are often sent from addresses crafted to trick the recipient into thinking they are legitimate despite not actually originating from an @uic.edu address. For example, the email may arrive from “email@example.com” or “firstname.lastname@example.org” but not from “email@example.com.” The name of the sender is changed to the name of the university leader (e.g. “Bob Green”). The scammer is hoping that the recipient will not notice the fraudulent address or sometimes pretends to be from the leader’s personal email account.
The end goal of the emails appears to be to convince unsuspecting staff to purchase gift cards on the “leader’s behalf” and email the codes to them with the promise of later reimbursement.
The email attacks often begin with a message such as “are you available?” or “send me your cell number!” and if someone responds, the attacker explains that they are caught in a meeting, can’t take calls, and needs the recipient to buy gift cards for later reimbursement.
- Always take extreme care when providing personal information in response to an email.
- If you receive such a message, do not respond. If you are in doubt, contact the sender by another mechanism, including sending a separate email direct to their real @uic.edu address.
Attacks Directed at Students
Students are contacted via email with an offer of employment from a professor or campus leader with subjects like “Work from Home”, “Part-time Job Opportunity”, or “Urgent.” Typically, the scams tempt the student with a promise of easy money (e.g. $300/week for 2-3 hours of “work”).
Upon reply to these scams with personal information, the students either receive a check in the U.S. mail or are sent an “electronic check” to print out and are told to make a deposit. They are then asked to either purchase gift cards or Bitcoin and instructed to send the funds to the fraudulent “employer” or elsewhere.
Students later find that the deposited check is rejected/bounced by their bank resulting in a loss of the money sent to the attacker and most likely a bank fee for the bounced check.
- Scammers will often ask for a favor, to purchase gift cards, give them money or bank information on an “application”. This should be a red flag.
- Look closely at the email. Scam emails are often written poorly, contain typos, grammatical errors or use casual language.
- Always be cautious about “job opportunities” with promises of big payouts and employers that ask for payments via gift cards.
- As a reminder, if it’s too good to be true, it probably is!
Attacks Directed at International Students
The second scam targets UIC international students. In this scam, a student receives a telephone call from an attacker who identifies as a US Immigration and Customs Enforcement Agent. The calling phone number is spoofed and appears as a legitimate phone number belonging to ICE (202-732-4646).
The caller then informs the student that they are in violation of registering as an alien and must provide payment or be arrested by the UIC Police. The student then receives a subsequent call from someone who identifies as UIC Police and threatens arrest if the student does not comply with demands. The incoming phone number on this call is also spoofed and appears as a legitimate UIC PD phone number (312-996-2830).
The student then receives a third call from the alleged ICE agent who instructs the student to deposit funds into a specific bank account belonging to the offender via Zelle or other online funds transfer application.
- Government officials and UIC Police do not collect fines or fees via Zelle, Venmo, gift cards, bitcoins, etc.
- If you receive one of these calls, hang up, block the number and call UIC Police to report it at 312-996-2830.
What to do if you think you've been scammed:
- If you receive phishing/scam emails or calls and purchased gift cards or Bitcoin, please contact UIC Police for assistance at police.uic.edu.
- If you receive phishing/scam emails or calls and have given or entered your NetID and password or other personal information, please immediately change your password at identity.uillinois.edu and contact firstname.lastname@example.org with the details.