July 17, 2026
Beware of recent phishing attempts targeting SIU accounts
The Office of Information Technology (OIT) is providing some guidance due to the campus community seeing a rapid increase in phishing attempts through email, text messages and phone calls.
The scams often appear to be urgent or official and may ask recipients to clink a link, scan a QR code, approve a multifactor authentication request, and a verification code or provide account credentials. Do not interact with a message that is unexpected, unfamiliar, seems too good to be true, or seems suspicious.
Some helpful reminders
When you are unsure whether a message is legitimate, assume it is not. If you have concerns, do not:
- Click links.
- Open attachments.
- Respond to email or text messages.
- Call phone numbers that are listed in messages or texts.
- Approve unexpected sign-in requests.
Suspicious content should be reported as suspected phishing so SIU can help protect the campus community. To report suspected phishing, use the “Report Message — protection drop down list” on the Microsoft Outlook home ribbon.
Messages could appear legitimate
Some of these messages may appear to come from a legitimate SIU department, employee name or SIU account — this is one method that sophisticated phishing scams use to create a false sense of trust.
Scammers get the credentials when unsuspecting people fall for malicious requests which can allow bad actors entry into our systems. Even if an account seems to contain nothing valuable, a person’s name and credentials can give scammers a launching point to impersonate them, access university systems or target others.
Important reminders
The Office of Information Technology/SalukiTech and other SIU entities never send emails, text messages, or forms asking for private or sensitive information. This kind of information includes: passwords, verification codes and multifactor authentication approvals.
It is important to be diligent in all online business and social interactions; if anyone asks for information, verify that the person, department, or business exists before sharing anything with them. It is best to use channels other than those included in the email, text or the call received for verification.
Anyone who interacts with a suspicious message — clicks on a link, opens an attachment, or provides any personal information — should act quickly, even if no impact is immediately noticeable. It is important to change current passwords, review account recovery information and watch closely for unusual activity across email, financial and other personal accounts.
For personal recovery steps and prevention guidance, visit IdentityTheft.gov. For SIU technology questions or if you suspect your account has been compromised, contact SalukiTech at SalukiTech.siu.edu or 618-453-5155.