DeKALB — Phishing scams are a fairly common security threat; these threats can become serious quickly if not handled appropriately. Learning what phishing is and how to spot it is highly effective for account security.
NIU Director of Information Security and Operations Robert Barton described phishing and what attackers may try to obtain from individuals.
“Phishing is the attempt by a third party to gain information about you,” Barton said. “It can take the form of an email or where they ask questions or entice you to go to a website.”
While simply clicking a link may not always cause harm, sharing personal information with these scams can escalate the risk from a minor threat to identity theft.
A Threatlabz report conducted by cybersecurity firm Zscaler in 2025 not only revealed that Microsoft was the most frequently imitated in phishing scams, but the education industry is the third-most targeted by scammers.
“An attitude that I’ve seen from some students, not all, is that they’re not a target. You, as a student, are absolutely a target. Your data is not just a gateway to you, but it’s the gateway to the university,” Barton said.
A common red flag when identifying a scam is when an offer seems too good to be true.
Dashonti Cummings, a first-year nursing major, said job scams are the most frequent type she encounters.
“I don’t know about everyone else but I see job scams the most,” Cummings said
Job scams can often present themselves as easy opportunities, promising large weekly payments for minimal work and little time commitment. These offers are not legitimate and are not associated with the university. The best way to handle such scams is to report the email immediately and avoid clicking any links provided by the sender.
Phishing, however, is not the only kind of electronic scam that students should look out for. Smishing is the same overall concept of phishing, but on a more intimate level.
“Phishing is usually an email, a very broad attack. In other words, they’ll hit as many email addresses with the same message as they can, hoping to get one ‘fish,’” Barton said. “Smishing, on the other hand, is via texting. It is a little bit harder to do, but it definitely means they have a little more intimate information about you.”
Individuals may not update their account passwords until they are prompted to do so.
“I basically never change passwords unless I have to or feel like I need to,” said Jayla Ward, a first-year marketing major..
However, individuals may not realize a password update is necessary until their account has already been compromised. Personal privacy is often unknowingly surrendered when signing up for apps without reviewing the terms and conditions, sharing exact work locations or engaging in similar activities.
If information is ever provided to a scammer, Barton recommends closely monitoring all accounts containing sensitive information for any signs of compromise.
“If it’s something related to the university, we’d like to know about it because we may have other students who fall for the same attack,” Barton said. “Changing passwords is also important to do after an event like this, but you should also be monitoring bank accounts and locking credit cards.”
Notifying credit bureaus, banks and insurance companies after information has been provided to a scammer can help these institutions take proactive steps to enhance protection.
