University Computer Help Desk

Recognizing "ILSTU TEAM" phishing scam emails

For the past few years, Illinois State University has been targeted by phishing emails. It is important that you recognize these scams so your ULID account is not compromised.

Illinois State University has been the target of phishing scam emails which attempt to trick you into giving away ULID account information.

Never Send Your Password in Email!

Phishing emails that target Illinois State ask you to send:

  • Your ULID or user name
  • Your password

Illinois State University will never ask you to send your password in email. If you receive an email that asks you to send your password, you should delete it immediately.

Phishy Subject Lines

If you get an email with a subject line like those shown below, it's probably a phishing email.

Here are some examples subject lines from phishing emails sent to Illinois State:

  • "IT Services Desk - Dear Staffs/Students." (Figure 1)
  • "E-Mail Account Maintenance" (Figure 2)
  • "WebNews / Web Email Account Update" (Figure 3)
  • "Confirm Email Account" (Figure 4)
  • "Important Update" (Figure 5)

Phishy From: Addresses

Check the From:, Reply-To:, and Sender: address in emails you receive. Illinois State will never send official emails from a non-ISU email address.

Official Illinois State emails are always sent From: (and, if visible, have Reply-To: and Sender:) email addresses that end with @ilstu.edu or @illinoisstate.edu.

Here are some example From: and Reply-To: addresses from phishing emails sent to Illinois State:

  • info@itservices.net (Figure 1)
  • support-team@web.nl (Figure 2)
  • webmail@mail.zinnianet.net (Figure 3)
  • lolata@sercomtel.com.br (Figure 4)
  • helpdesks@inmail24.com (Figure 5)

Phishy Message

Phishing emails try and trick you into sending your account information. Once the scammers have your ULID and password, they can use your email account to send spam. Look for these characteristics in emails you receive and be skeptical of official-looking emails.

"Verify Your Email Address..."

  • Be suspicious of requests to "verify your account" or "upgrade your account."
  • Illinois State will never ask you to "verify your account" like this. Never.

"...Or Your Account Will Be Deactivated"

  • Ultimatum: Verify your account or permanently lose it.
  • Urgency: You are given a very short time in which to act.
  • Illinois State will notify you several months before your account is to be removed.

ILSTU Team, Webmail Team, or Webmail Help Desk

  • No campus organization is called "ILSTU Team," "Webmail Team" or "Webmail Help Desk."
  • You should always be suspicious of emails sent by "ILSTU Team" or something similar.

Phishy Web Addresses

Check the web address of any website that asks you to enter personal information. Illinois State will never ask you to enter personal information on a non-ISU website.

The domain name portion of official Illinois State websites always ends with ilstu.edu, ilstu.org, illinoisstate.eduor illinoisstate.org. It's not an official Illinois State website unless it follows that format, even if it includes "ilstu" or "illinoisstate" elsewhere in the address.

What is a domain name?

The domain name portion of a web address is included in the first part of the address before any slashes. For example, in the web address, video.google.com, google.com is the domain name. In the web address, www.att.net/wireless, att.net is the domain name portion of the address.

Here are some examples of valid web addresses for Illinois State:

  • www.illinoisstate.edu/home/security/
  • www.techzone.ilstu.org
  • www.helpdesk.ilstu.edu/security/cybersecurity/
  • www.whatever-something.ilstu.edu/more/

Here are some examples of web addresses for fake university sites:

  • www.illinois.web.org/ilstu
  • www.ilstu.itservices.org
  • www.itnews.com/ilstu-helpdesk
  • www.support-ilstu.edu (This one is tricky, but support-ilstu.edu is not the same as the official ilstu.edu.)

Get Help First

If you receive an email or visit a website that threatens to remove your account or makes you suspicious for any reason, call the University Computer Help Desk at 309-438-HELP or stop by the Help Desk office in Julian Hall 115 to discuss the situation.

The Help Desk can help you determine if the message or website in question is legit or a phishing scam. You should get help before following the instructions.

See Also:

 

Article Information

  • Article ID: 1364
  • Last Review: Oct 6, 2009
  • Type: Article

Print this articleEmail this articleShare this article on Facebook

Article Images

  • Figure 1Figure 1
  • Figure 2Figure 2
  • Figure 3Figure 3
  • Figure 4Figure 4
  • Figure 5Figure 5

Article Feedback