E-Mail Information Security Notice
E-Mail Phishing Spam Sent to NIU Campus
There is a very "official" looking spam phishing attempt that is making the rounds to many of the NIU e-mail users and systems. Even though this looks very legitimate, it is NOT an actual e-mail sent by anyone from NIU. If you reply, or have replied, to this e-mail, you have put your e-mail account at risk for hacking and identity theft purposes. Even though the apparent return sender address is: Northern Illinois University, the reply actually goes to an address outside the United States and is likely some type of criminal enterprise.
NIU will never ask you for your account and password information. Do not respond.
Protect your personal information
- You should not have any detailed personal or family information in your stored e-mail files. (These are business systems owned by the University and really should not be used for personal activities anyway.)
- You should not maintain any personally identifying information such as driver’s license, SSN, passwords, credit card numbers, and date of birth in your e-mails.
- Although it is very convenient to use your e-mail account as a file storage system, it is an e-mail and collaboration system. As e-mail systems go, it is very secure and better than most other available systems, but it is not a file storage system. Important business files and confidential documents, when they are done being used in real-time communications, should be archived to storage areas that have better security and control.
- Do not write your passwords down, do not share your passwords, do not use commonly constructed passwords (pet names, family names, SSN, etc). Do not walk away from your computer while still logged into your e-mail or without locking your screen.
- Do not use your date of birth or easily obtained information for passwords or password reset questions.
No matter how legit an e-mail looks, remember, NIU will never ask you for your password. If you think something looks "phishy" it probably is; when in doubt, contact the ITS Helpdesk. If you receive a phishing e-mail, please forward it as an attachment to an e-mail addressed to abuse@niu.edu.
If you do respond to a request for a password and/or provided account information to someone inadvertently:
- Change your password to a dissimilar password immediately. See Passwords for your NIU computer accounts for information on selecting good passwords.
- Faculty and Staff e-mail instructions:
- GroupWise Client
- Select Tools
- Select Options
- Open (double click) Security
- Enter your current password
- Enter your new password twice
- Web Client
- Select Options
- Select Password Tab
- Enter your current password
- Enter your new password twice
- Student:
- Go to password.niu.edu
- Select Change password
- Type in your AccountID
- Select your AccountID
- Enter your current password
- Enter your new password twice
- Retiree:
- Login to your mailbox
- Select Options
- Select the Password Tab
- Enter your current password
- Enter your new password twice
- Notify the ITS helpdesk immediately by calling 815-753-8100.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
The first level of information security begins with each individual user - safeguard both your own personal information and that of NIU.
Helpful links:
- Avoiding Social Engineering and Phishing Attacks
- Protecting Your Privacy
- About Identity Theft
- OnGuard Online Phishing
- Phishing Skills Game at OnGuard Online
