Fordham Information Technology - Secure IT: ALERT: Phishing Emails From Valid Fordham Accounts

Wednesday, April 22, 2015

ALERT: Phishing Emails From Valid Fordham Accounts




Phishing emails are being sent from valid Fordham email accounts. These emails may appear to come from people you know. In some cases, their names are used to sign the emails. The list below shows the types of subject lines commonly used in the phishing emails.

These emails are NOT legitimate. They ask recipients to "Click here" or "View Document Here." If you click on the link, you are directed to a site asking you to log in to your Google Gmail, or even your Yahoo and AOL, accounts.

These sites are NOT legitimate. They are used to capture your usernames (AccessIT IDs) and passwords. An attacker with this information can log into your account and send phishing emails to everyone in your contact list.

We have seen phishing emails with the following subjects:

  • Update
  • New Doc
  • Important
  • Important Message
  • Important!!!
  • Yahoo Security Update
  • Your Yahoo Account Safety Is Our Top Priority

If you believe you have received this phishing message, please do the following:

  • Do not respond to the message.
  • Do not click any links within the message.
  • Do not provide any information such as a username (AccessIT ID) and password.

If you responded to the email and provided confidential information:

  • Contact Fordham IT Customer Care ASAP at 718-817-3999.
  • Manually reset your password and disconnect any active login sessions to your Gmail account.
  • Delete the message.

Email Security Tips:

  • NEVER give out your password to anyone, especially in an email. Fordham IT and any other reputable service provider will NEVER ask for your password or personal information via email.
  • NEVER provide personal or sensitive information in an email.
  • Do not click on links in emails. Enter valid website addresses into a browser manually.
  • Do not respond to suspicious emails. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.
  • Be wary of attachments, especially any you weren't expecting. Send them to IT Customer Care and let the UISO scan them for you.
  • If an email looks fishy, it probably is a phishing email.
  • Do not be fooled by scare tactics threatening to cut off your email, expire your accounts, and so on. Go to the source (my.fordham, your bank, HR, etc.) and validate the claim, but do not rely on the information provided in the email.

Find out more about phishing and online security:

  • Search our SecureIT blog to see if we have already identified a suspected email as a scam or a legitimate email: fordhamsecureit.blogspot.com.
  • IT security topics are available on our IT Security website: www.fordham.edu/SecureIT
  • Remember, Fordham IT and Fordham University will NEVER ask you for your password. If you believe you have received a suspicious email or phone call, please contact IT Customer Care for help at (718) 817-3999 or HelpIT@fordham.edu.
