We will be looking at a phishing attempt that hit EIU this week.
In this case someone from outside EIU was pretending to be from EIU and the attacker attempted to get you to give up your credentials.
Were there any clues that this was a phishing email?
Questions to ask:
- Was I expecting this email?
- Does the link match the company who it is for?
- Does it ask me to do something out of the ordinary?
- Why does it say [SPAM]?
- Does the link forward to a non-EIU page that looks like EIU?
- Is there an EIU verification link?
Reviewing the email
Notice [SPAM] has been added to the subject line. Office 365 is noticing something is not right with this message.
Look at the From address: it shows firstname.lastname@example.org, which is not Eastern Illinois University (email@example.com).
Improper grammar: There is no punctuation within the email, every letter is capitalized and the email ends with a pipe symbol.
Why is “EIU” linked to a stanford.edu address, without explaining it?
In this email there is a link. If you put your cursor over the link, the bottom left of your browser will show where the link will take you. You can see that it shows sanookpark.com.com, not stanford.edu.
There is no EIU email verification link at the bottom. You can always check https://www.eiu.edu/verify for official emails.
*Tip: If you have the option, go to the website directly; do not click links within the email.
Sadly, this website does a good job of mimicking our EIU page. There are some clues if we look for them. In the address bar of the browser, eiu.edu is not listed; it shows sanookpark.com. Never put in your username and password unless the URL is eiu.edu and starts with https://.
The red flags add up. At this point, I may call payroll directly. Another option is to forward the email to the EIU phishing group at firstname.lastname@example.org. ITS will review the email and let me know if it is OK.
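The same checks can be run over a raw message automatically. The following is an added example, not part of the original EIU page: it flags the [SPAM] tag, a sender outside eiu.edu, links that do not go to https://…eiu.edu, and a missing eiu.edu/verify link. The function names and the sample message are constructed for illustration, and the code assumes a single-part HTML body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "eiu.edu"  # the only domain the page says to trust

def in_domain(host, domain=TRUSTED):  # exact host or subdomain, so lookalikes fail
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collect (parsed href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((urlsplit(self._href), "".join(self._text).strip()))
            self._href = None

def red_flags(raw):
    msg = message_from_string(raw)
    flags = ["subject tagged [SPAM]"] if "[SPAM]" in (msg["Subject"] or "") else []
    sender = parseaddr(msg["From"] or "")[1]
    if not in_domain(sender.rpartition("@")[2]):
        flags.append("sender is not " + TRUSTED)
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumption: single-part HTML body
    for url, text in parser.links:  # what hovering over the link would reveal
        if url.scheme != "https" or not in_domain(url.hostname):
            flags.append(f"link '{text}' goes to {url.scheme}://{url.hostname}")
    if not any(in_domain(u.hostname) and u.path.startswith("/verify") for u, _ in parser.links):
        flags.append("no eiu.edu/verify link")
    return flags

# Constructed sample message, modelled on the clues described above.
SAMPLE = """\
From: Sender <firstname.lastname@example.org>
Subject: [SPAM] ACCOUNT NOTICE

<p>CLICK <a href="http://sanookpark.com/">EIU</a> TO CONTINUE |</p>
"""
```

Calling `red_flags(SAMPLE)` returns all four flags; a message sent from an eiu.edu address whose only link is https://www.eiu.edu/verify returns an empty list.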