The Illinois Shines Program Administrator has been alerted to phishing attempts sent via email this week to Approved Vendors and Designees. The messages show a sender and email address of Amanda Scashallotte ([email protected]) via Gmail, a subject of “2024 Vendor Certificate Verification”, and request recipients to confirm information in a “2024 Vendor Certificate Verification” document by clicking a link to “confirm or update your information.” These emails have not been sent from the Program nor the IPA and are not legitimate notices. They should not be responded to, and recipients should not click the link(s) in the message. All official Illinois Shines emails should come from @illinoisshines.com or @energy-solution.com, and any emails from the IPA will end with @illinois.gov.
These emails look official, as they include the Illinois Shines logo, but phishing emails are fraudulent messages that attempt to deceive recipients into providing sensitive information, or installing malware (such as viruses, worms, adware, or ransomware) by clicking on links or replying to the message. Phishing attempts may include unusual sender domains or addresses, a link going to a non-Illinois Shines site or attachments that should not be clicked, and other suspicious language and format. Although this email may appear legitimate, it is not. If you clicked the attachment in the phishing email (or are unsure if you may have) and if you believe you subsequently shared Program Portal credentials, please alert the Program Administrator and change your Program Portal password immediately.
The Program thanks stakeholders for alerting the Program Administrator to these emails, and recommends individual recipients contact their company’s system administrators to report the messages. More information regarding this phishing attempt will be provided after the Program further investigates these issues.
Should you have any questions, please contact the Program at [email protected] or (877) 783-1820.