Over the past few weeks there have been multiple phishing campaigns targeting TU faculty and staff, as reported to the Office of Information Security through phishing@towson.edu. Examples of the email subject lines from these recent phishing attempts include “Towson IT center” and “Unknown sign in.” As a result, Microsoft blocked outbound email from an increasing number of TU accounts which were suspected to be compromised. To help reduce future compromises, the Office of Information Security reminds the campus to be aware of phishing emails sent to TU email accounts before, during and after the holiday break.
What is Phishing?
Phishing is an email scam designed trick you into providing sensitive information such as usernames, passwords or credit card numbers, or opening an attachment that installs malware on your device.
Recognizing Phishing
It’s not always easy to spot phishing attempts, especially during the holidays. Watch OTS Training’s video for examples and tips on how to recognize phishing:
These characteristics are red flags, and the email in question should be treated as suspicious when they are present:
- Request for username and passwords-especially for NetIDs. No one at TU will send an email asking for your username and password.
- References to the IT department or IT service. The technology office at Towson University never refers to itself in writing as “IT” – always look for The Office of Technology Services (OTS) in communications.
- Request for immediate action or there will be a devastating consequence (threat). A phone call to the OTS Faculty/Staff Help Center will clear up any question about account status.
- Vague subject lines. OTS will provide descriptive subject text, and when possible, include a phishing disclaimer at the end of the email.
- Obvious spelling mistakes and bad grammar. Emails sent from TU departments and offices are almost always reviewed and spell-checked prior to distribution.
- Unfamiliar links in the body of the email. Don’t click – hover to check the actual web address.
- Attachments that are “.exe” files. Opening these can launch and spread malicious software.
- Unknown sender, or an email from an unsolicited source. If it isn’t from an @towson.edu address, be sure you are familiar with sender.
I’ve received a suspicious email-now what?
- Do not reply, click on any links, or open any attached files.
- Forward the suspicious email to phishing@towson.edu.
- If you are concerned that your information or device may have been compromised, contact the OTS Faculty/Staff Help Center at 410-704-5151 or submit a TechHelp service request.
