Alert: Serious Email & Phone Scams Targeting UIC Community
Dear Faculty, Students & Staff,
The UIC Information Security and Privacy Office has received many reports of email and telephone scams targeting UIC’s community of faculty, students, and staff. These attacks may be financially motivated, targeting access to your valuable university data, or seeking to steal credentials to leverage them for further attacks.
If you receive such a message, DO NOT RESPOND, and always be careful to only enter your credentials on authorized university web pages. If you believe you entered your credentials on a phishing web page, immediately change your password at identity.uillinois.edu and contact firstname.lastname@example.org.
Attacks Directed at Faculty and Staff
Attacks on UIC faculty and staff typically involve email pretending to be from university leaders, deans, directors, or department heads. The emails are often sent from addresses crafted to trick the recipient into thinking they are legitimate despite not actually originating from an @uic.edu address. For example, the email may arrive from “email@example.com” or “firstname.lastname@example.org” but not from “email@example.com.” The name of the sender is changed to the name of the university leader (e.g. “Bob Green”). The scammer is hoping that the recipient will not notice the fraudulent address or sometimes pretends to be from the leader’s personal email account.
The end goal of the emails appears to be to convince unsuspecting staff to purchase gift cards on the “leader’s behalf” and email the codes to them with the promise of later reimbursement.
The email attacks often begin with a message such as “are you available?” or “send me your cell number!” and if someone responds, the attacker explains that they are caught in a meeting, can’t take calls, and needs the recipient to buy gift cards for later reimbursement.
Always take extreme care when providing personal information in response to an email.
If you receive such a message, do not respond. If you are in doubt, contact the sender by another mechanism, including sending a separate email direct to their real @uic.edu address.
Attacks Directed at Students
Students are contacted via email with an offer of employment from a professor or campus leader with subjects like “Work from Home”, “Part-time Job Opportunity”, or “Urgent.” Typically, the scams tempt the student with a promise of easy money (e.g. $300/week for 2-3 hours of “work”). Upon reply to these scams with personal information, the students either receive a check in the U.S. mail or are sent an “electronic check” to print out and are told to make a deposit. They are then asked to either purchase gift cards or Bitcoin and instructed to send the funds to the fraudulent “employer” or elsewhere. Students later find that the deposited check is rejected/bounced by their bank resulting in a loss of the money sent to the attacker and most likely a bank fee for the bounced check.
The second scam targets UIC international students. In this scam, a student receives a telephone call from an attacker who identifies as a US Immigration and Customs Enforcement Agent. The calling phone number is spoofed and appears as a legitimate phone number belonging to ICE (202-732-4646). The caller then informs the student that they are in violation of registering as an alien and must provide payment or be arrested by the UIC Police. The student then receives a subsequent call from someone who identifies as UIC Police and threatens arrest if the student does not comply with demands. The incoming phone number on this call is also spoofed and appears as a legitimate UIC PD phone number (312-996-2830). The student then receives a third call from the alleged ICE agent who instructs the student to deposit funds into a specific bank account belonging to the offender via Zelle or other online funds transfer application.
Due to the use of random senders and the commonplace text in the emails of these attacks, it is nearly impossible to prevent these attacks without also blocking legitimate email.
If you received emails of this type and purchased gift cards or Bitcoin, please contact UIC Police for assistance. For information on how to contact the UIC Police, please visit police.uic.edu.
For more information, please contact:
Edward Zawacki, Chief Information Security & Privacy Officer
Chief Technology Officer
Kevin L. Booker
Chief of UIC Police
For more information, please contact: