What is Phishing?
Phishing is the criminal practice of attempting to trick someone into giving away personal information by masquerading as a trusted source.
Illinois State University has been the target of phishing emails for several years. These phishing emails are designed to look like they are from the University. They attempt to trick you into giving away your ULID account information (i.e. your ULID and password).
Never send your password in email!
Illinois State University will NEVER ask you to send your password in email.
Some phishing emails ask you to "verify your account" by replying with your user name (ULID) and password. In reality, if you send your password in email, you are giving it to the phishing scammers.
Be cautious when asked to log in with your ULID and password.
Be suspicious of emails that ask you to "log in" to verify your account.
Some phishing emails include links to websites where you are asked to log in. The idea is that by logging in, you are "verifying your account" so that you don't lose it. In reality, the website is a fake, just like the email. It might even look like a real Illinois State website, but when you "log in" you are really sending your ULID and password to the phishing scammers.
What should I do if I got phished?
If you replied to a phishing email and sent your ULID and password, you should change your password and security question immediately.
Likewise, if you clicked a link in a phishing email and "logged in" to the associated website, you should change your password and security question immediately.
How to Recognize Phishing Emails
Look at the many parts of an email or website to help you decide if it's legitimate or a fake.
Here are some example subject lines from phishing emails sent to Illinois State:
- "IT Services Desk - Dear Staffs/Students." (Figure 1)
- "E-Mail Account Maintenance" (Figure 2)
- "WebNews / Web Email Account Update" (Figure 3)
- "Confirm Email Account" (Figure 4)
- "Important Update" (Figure 5)
Check the From:, Reply-To:, and Sender: address in emails you receive. Official Illinois State emails are usually sent From: (and, if visible, have Reply-To: and Sender:) email addresses that end with @ilstu.edu or @illinoisstate.edu.
Occasionally, Illinois State will send official emails from non-ISU email addresses. One example is @everbridge.net, which is the official email provider for ISU Emergency Alerts. This can make it more difficult to determine if an email is real or fake. When in doubt, contact the Technology Support Center for assistance in verifying the authenticity of an email before you act on it.
Here are some examples From: and Reply-To: addresses from phishing emails sent to Illinois State:
- firstname.lastname@example.org (Figure 1)
- email@example.com (Figure 2)
- firstname.lastname@example.org (Figure 3)
- email@example.com (Figure 4)
- firstname.lastname@example.org (Figure 5)
Look for suspicious phrases like these:
- "Verify your email address or your account will be deactivated."
- "Upgrade your account."
- "Confirm your email account."
Illinois State will never ask you to verify or confirm your account in this way, and you are given several months warning before your ULID account is removed.
Look for these suspicious signatures:
- "Ilstu Team"
- "Webmail Team"
- "Webmail Help Desk"
No campus organization is called "ILSTU Team," "Webmail Team" or "Webmail Help Desk." You should always be suspicious of emails sent by "ILSTU Team" or something similar.
Check the web address of any website that asks you to log in or enter personal information. Illinois State will never ask you to log in with your ULID and password on a non-ISU website.
The domain name portion of official Illinois State websites usually ends with ilstu.edu, ilstu.org, illinoisstate.edu, or illinoisstate.org. Occasionally, Illinois State websites will end with .com and may not conform to standard Illinois State domain names, which can make it difficult to tell if the site is real or fake. When in doubt, contact the Support Center for assistance in verifying the authenticity of a website before logging in.
The domain name portion of a web address is included in the first part of the address before any slashes.
- Example #1: In the web address, video.google.com, google.com is the domain name.
- Example #2: In the web address, www.att.net/wireless, att.net is the domain name portion of the address.
Here are some examples of authentic web addresses for Illinois State:
Here are some examples of web addresses for fake university sites:
- www.support-ilstu.edu (This one is tricky, but support-ilstu.edu is not the same as the official ilstu.edu.)
Get Help First
If you receive an email or visit a website that threatens to remove your account or makes you suspicious for any reason, contact the Technology Support Center to discuss the situation.The Support Center can help you determine if the message or website in question is legit or a phishing scam. You should get help before following the instructions.