Fishing for answers: NIU reeling in phishing problem

September 6, 2023

Scammers have been been sending fraudulent emails to NIU students attempting phish personal information. (NicoElNino | Getty Images)

DeKALB – When it comes to phishing for personal information, scammers only need a single bite to reel victims in.

The recent string of fraudulent emails plaguing NIU students and faculty have left some questioning the safety of their inbox.

Phishing emails trick recipients into divulging sensitive information. While this sounds easy to avoid, giving scammers a way in can be easier than baiting a hook. NIU’s Information Security Manager Susie Armbrust warned against the possible danger of using your student email to open accounts online.

“It only takes one person to compromise the rest. One student could have used their Z-ID and password on another page, and just like that, they’re in,” Armbrust said. “Once they have your login and password, they can access all sorts of information. Just think for a minute about what personal information you have stored in your inbox.”

Scammers only need a small foothold to cause serious damage. With minimal information, they can lock out users, set up checking accounts, charge purchases or even take out student loans in their victim’s name while directing the money to their personal bank accounts.

Romi Stralka, a senior majoring in media studies, had a friend recently receive one of these phishing emails.

“I had someone message me and ask if I got the same message because it seemed like a good opportunity, and my other friends were like ‘don’t click that, it’s not a real thing.’ They almost fell for it,” Stralka said. “Things (emails) like ‘$250 for five hours of work’ and stuff like that.”

“It’s all about the money,” Armbrust said. “If they can get your online address book, they can sell your contacts and any other personal information they can find on the dark web, and this information can be sold hundreds of times.”

For now, the university depends on Microsoft’s security filtering software to fish out false messages, but technology, and the methods to misuse it, are always advancing. However, the best defense against these scams may be what the university does best – educating their students.

In addition to keeping students informed about these fake emails, NIU has provided free phishing training on Blackboard to help students learn how to spot them.

“The best thing anyone in the world using email can do to protect themselves from these scams is to educate themselves,” Armbrust said. “Be skeptical of messages claiming urgency, and remember if it sounds too good to be true, it probably is.”

Promises of easy money can be enticing, but Armbrust urges students to be critical of their email and what they store in it.

“Be vigilant,” Armbrust said. “Don’t be lazy with your email. It’s not a secure storage space for your sensitive personal information and never has been.”

Regularly deleting emails with personal information and emptying your garbage file can help, but when in doubt – just leave them unopened.

“If you’re not sure, don’t click the link,” NIU Instructor Bonnie Jensen said. “I’ve thought that I was good at recognizing them, but when I opened up the email, and they were listing all of the ones that were recent, I thought ‘wow, some of those are kind of clever, and I had never thought of them before.’”

If you receive a questionable email, you can send it as an attachment to [email protected] and check the message before opening it. If you believe you have already shared information with one of these scammers, contact the IT Service Desk at 815-753-8100 and change your password immediately.