Official University Emails
Unsure if that email you got is legit? Use this site as a source of known EIU emails for official communications.
Sent: 2024-11-15
From: EIU
To: Various Recipients
From: EIU
To: Various Recipients
Subject: EIU Student Phishing Simulation Results
Dear EIU Students,
Earlier this week, EIU conducted a phishing simulation for all students, focusing on account deletion. This simulation mirrored a recent tactic we observed in an actual attack. Out of 5,813 participants, 1,121 students (19.28%) provided their EIU username and password to the simulated attacker.
Safeguarding every EIU account is essential to our university’s security, regardless of individual roles. Attackers often start by targeting non-privileged accounts to gain an initial foothold, eventually moving through internal systems toward more secure areas. Phishing attempts are responsible for initiating 91% of ransomware attacks, underscoring the importance of robust security practices.
The simulated email had several indications of a phishing attempt.
The from email address is at a non @eiu.edu domain.
An unusual urgency to complete the request.
The link took users to a URL that is not used by Microsoft/EIU.
Moving forward, EIU will continue to conduct phishing simulations and share outcomes with the campus community. It's essential to remain cautious, take time to assess emails carefully, and report any suspicious activity promptly. You should use the phishing button in Outlook or forward suspicious emails to phishing@eiu.edu. Please pay attention to Duo MFA requests. Decline Duo MFA pushes that are not requested by you or from your current location and report any suspicious activity to info-sec@eiu.edu.
RYAN GIBSON | CIO
rwgibson@eiu.edu | 217-581-1904
EASTERN ILLINOIS UNIVERSITY
Information Technology Services
600 Lincoln Ave. | 4312 Student Services Building
Charleston, IL 61920
www.eiu.edu/panthertech
Earlier this week, EIU conducted a phishing simulation for all students, focusing on account deletion. This simulation mirrored a recent tactic we observed in an actual attack. Out of 5,813 participants, 1,121 students (19.28%) provided their EIU username and password to the simulated attacker.
Safeguarding every EIU account is essential to our university’s security, regardless of individual roles. Attackers often start by targeting non-privileged accounts to gain an initial foothold, eventually moving through internal systems toward more secure areas. Phishing attempts are responsible for initiating 91% of ransomware attacks, underscoring the importance of robust security practices.
The simulated email had several indications of a phishing attempt.
The from email address is at a non @eiu.edu domain.
An unusual urgency to complete the request.
The link took users to a URL that is not used by Microsoft/EIU.
Moving forward, EIU will continue to conduct phishing simulations and share outcomes with the campus community. It's essential to remain cautious, take time to assess emails carefully, and report any suspicious activity promptly. You should use the phishing button in Outlook or forward suspicious emails to phishing@eiu.edu. Please pay attention to Duo MFA requests. Decline Duo MFA pushes that are not requested by you or from your current location and report any suspicious activity to info-sec@eiu.edu.
RYAN GIBSON | CIO
rwgibson@eiu.edu | 217-581-1904
EASTERN ILLINOIS UNIVERSITY
Information Technology Services
600 Lincoln Ave. | 4312 Student Services Building
Charleston, IL 61920
www.eiu.edu/panthertech