ALERT: SURS Phone Scam

Sharing the following from an IT Professional on campus. He has verified with SURS that they do NOT make personal phone calls.

If someone purporting to be SURS calls you and asks about verifying your identity for insurance or asks questions about HIPAA, please hang up.

Screenshot of email from Lance Campbell describing scam format. Details in caption below.

From: “Campbell, Lance” <>
Sent: Tuesday, September 22, 2020 4:06 PM
Subject: [CCSP] SURS Scam Notice
I just received a very clever phone call from a person claiming to be from SURS. They said they needed to verify either my insurance or benefits. The caller told me the call was being recorded. For HIPAA compliance he said he needed to ask me some questions to verify my information. He said “Do you know what HIPAA is?”. At this point I said “I don’t think so.” I hung up.
I did check with SURS to see if anyone contacted me. They said we don’t make personal calls. They reached out to other staff within SURS to validate I was not contacted.
I sent this to all of you because many of you support non-technical people. The individuals pulling this scam are very good and very convincing. I also want to stress that they had my personal cell phone number. I do not forward my work number to my cell.
Software Architect

Domain Listings – Website Listing Service

This is an example of a snail-mail phishing scam! If you receive a notice requesting payment for your website or domain, you do NOT need to pay it. University websites and sub-domains are managed internally.

Below is an example of a fake invoice. You’ll notice that it says it is NOT a bill, but an offer, which acts as legal cover for this kind of fraud.

Image of paper soliciting payment for listing the website

Image of paper soliciting payment for listing the website

Campus notice on phishing awareness

The following legitimate email was sent to the university community on 9/4. Reposting here for archival purposes due to relevance to this site. 

Dear University Community,

In an effort to further enhance our cyber defenses, we want to remind you of a common cyber-attack that everyone should be aware of – phishing.

“Phishing” is the most common type of cyber-attack that affects individuals and organizations. Phishing attacks can take many forms, but they all have a common goal – getting you to mistakenly disclose sensitive information such as login credentials, credit card information, or bank account details.

Although we maintain security controls, provide awareness training, and conduct phishing simulations and tests to help protect our campus community from cyber threats, we need your help as the first line of defense.

What You Can Do

To avoid these phishing schemes, please observe the following best practices:

  • Avoid clicking links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
  • Never provide sensitive personal information (like usernames and passwords, Social Security Numbers, financial information) over email.
  • Watch for email senders that use suspicious or misleading domain names.  Look closely at the email address of the sender.
  • Beware of any shared document that you’re not expecting to receive.
  • Be especially cautious if you receive an email containing a warning banner indicating that it originated from an external source.
  • If you are unsure if an email is legitimate or not, please contact your local IT support or the Technology Services Help Desk, 217-244-7000 or

Thanks again for helping to keep our network, and our people, safe from these cyber threats.


Joe Barnes
Chief Privacy & Security Officer
University of Illinois at Urbana-Champaign