Privacy and Information Security | University of Illinois

July 2014 Phishing Attempt

A recent phishing attack hit the University of Illinois. See how scammers are trying to steal your information and learn to avoid their tricks.

Attack background

In the last week, individuals at the University of Illinois were targets of sophisticated phishing emails. Given the level of sophistication, and the similarity to known phishing attacks experienced by other Big Ten schools, the Office of Privacy and Information Assurance (OPIA) believes this attack was an effort to gather enough information to access University resources and potentially change personal information, such as payroll direct deposit information. The message was allegedly from "UIUC Human Resources" and directed recipients to a copy of a University of Illinois Enterprise Authentication Login page that had an additional field for their PIN.

This message did not rely on individuals replying with sensitive information, but instead directed them to a site designed to steal their information. Given the growing trend for these attacks and the likelihood that this will not be the last time we will see an attack like this, as a habit you should check the address bar of your web browser when you are online. You should only enter your University of Illinois username and password on sites that have or at the beginning of the address. You should never enter sensitive information on a page that does not begin with HTTPS.
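The address-bar check described above, written out as a link check (an added example, not code from the University or OPIA). The two trusted origins and the sample message are constructed placeholders, since the real login addresses are not reproduced here; the host is compared after parsing rather than as a string prefix, so a longer hostname that merely starts with a trusted name is still rejected.

```javascript
// Assumption: placeholder origins standing in for the real login addresses.
const TRUSTED_LOGIN_ORIGINS = [
  "https://login.university.example",
  "https://apps.university.example",
];

// Constructed sample message modelled on the description above (not the real email).
const SAMPLE_MESSAGE = [
  "From: UIUC Human Resources",
  "Your record needs review. Click Here: http://login.university.example.hr-update.test/login",
  "Policy page: https://login.university.example/policies",
].join("\n");

// Apply the two rules from the text: the page must be HTTPS, and the
// address must begin with a trusted login address.
function checkLoginUrl(rawUrl, trusted = TRUSTED_LOGIN_ORIGINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, ok: false, reasons: ["not an absolute URL"] };
  }
  const reasons = [];
  if (url.protocol !== "https:") {
    reasons.push("not HTTPS");
  }
  // Compare the parsed host exactly. A plain startsWith() on the string would
  // accept "login.university.example.hr-update.test".
  const trustedHosts = trusted.map((origin) => new URL(origin).host);
  if (!trustedHosts.includes(url.host)) {
    reasons.push(`unexpected host ${url.hostname}`);
  }
  return { url: rawUrl, ok: reasons.length === 0, reasons };
}

// Pull every http(s) link out of a message body and return the ones that fail.
function flagLoginLinks(messageText, trusted = TRUSTED_LOGIN_ORIGINS) {
  const links = messageText.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  return links.map((link) => checkLoginUrl(link, trusted)).filter((r) => !r.ok);
}

for (const finding of flagLoginLinks(SAMPLE_MESSAGE)) {
  console.log(`${finding.url}: ${finding.reasons.join("; ")}`);
}
```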

What the phishing attack looks like

The text of the message was relatively plain:

Phishing email

The link that says "Click Here" points to a login page. Here is what the login page should look like:

Enterprise login page

Here is the fake login page that was provided in the phishing message. If you look, there are signs this is not legitimate.

Fake Enterprise login page

Signs the login page was fake

  • .ru is a Russian domain; this is not a University of Illinois server
  • There is no "Your PIN" field on the actual login page
  • "Your" is misspelled as "Youd"
  • Only the Login button works; all of the others are just images

What we are doing

In response to this attack, OPIA has notified the recipients of this message and is monitoring affected accounts for suspicious changes. In addition to responding directly to this incident, OPIA and CITES are working on changes to better protect the University of Illinois and its members.

What you can do

Know what phishing looks like

Learn how to spot phishing. If you are unsure if an email or phone call is from the University of Illinois, you can contact the CITES Help Desk by emailing or by phone at 217-244-7000. When in doubt, please contact the Help Desk.

Know what to do with a phishing message

If you receive a phishing email claiming to be from the University of Illinois you can simply delete it, or you can inform CITES by emailing

Please be aware that the University of Illinois will never ask you to reply to an email with your password or to update account information through email.