A Message from the CIO Regarding Phishing
WIU is increasingly the aim of targeted email phishing campaigns. A targeted phishing campaign means the attacker is taking the time to personalize the phishing campaign specific to your organization, making it much more likely to be successful. The latest campaign is an email (with varying messages and subjects) containing a link that when clicked, re-directs to a page that mirrors our login page, prompting our users to put in their Ecom and password. While University Technology is doing all it can to protect our users, we ultimately rely upon the users to be aware of and avoid phishing schemes. No technical solution is 100% effective.
We are asking each and every one of our users to be extra diligent in monitoring and responding to emails. Remember to evaluate the URL that any link re-directs you to. Pay close attention to grammar and the message contained within the email. Are they using generic terms as if they are unfamiliar with our department names, organizational process, etc.? Is the email coming from the correct email address? It isn’t enough to validate that the email is coming from a WIU.edu account because accounts may get compromised. Is the person sending you an email about your purchasing card listed as a student in the directory? These are the types of actions we need you to take when responding to emails in order to help reduce the risk to the University. Please take a moment to review the FTC’s guide on how to recognize and avoid phishing emails: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams.
As always, if you have any questions or concerns, you can direct them to Rebecca Slater, CIO, at firstname.lastname@example.org or (309) 298-2554. Thank you in advance for your help in addressing this issue.