Phishing Review 02/27/2020

Phishing Overview

We will be looking at a phishing attempt that hit EIU this week.

In this case someone from outside EIU was pretending to be from EIU and the attacker attempted to get you to give up your credentials.

Were there any clues that this was a phishing email?

Questions to ask:

  • Was I expecting this email?
  • Does the link match the company who it is for?
  • Does it ask me to do something out of the ordinary?
  • Why does it say [SPAM]
  • The link forwards to a non-eiu page but looks like EIU.
  • Is there an EIU verification link?

Reviewing the email

Notice [SPAM] has been added to the subject line. Office 365 is noticing something is not right with this message.

Look at the from address, it shows, this is not Eastern Illinois University (

Improper grammar: There is no punctuation within the email, every letter is capitalized and the email ends with a pipe symbol.

Why is “EIU” linked to a address, without explaining it?

In this email there is a link. If you put your cursor over the link on the bottom left of your browser, it will show where the link will take you. You can see that the page shows not

There is no EIU email verification link at the bottom, you can always check, for official emails.

*Tip: If you have the option, go the website directly, do not click links within email.

Sadly, this website does a good job of mimicking our EIU page. There are some clues if we look for them. In the address bar of the browser, is not listed, it shows Never put your username and password in when the URL is not and does not start with https://.

The red flags are add up. At this point, I may call payroll directly. Another option is to forward the email to the EIU phishing group at ITS will review the email and let me know if it is OK.

Aaron B. Allison, GSEC – IT Technical Associate
Information Technology Services | Eastern Illinois University
217.581.1939 | Office365 Teams: aballison |