The FBI warns that cybercriminals are targeting local universities and any university employee that has a university-issued email account.
About the scams
These legit-looking phishing scams attempt to get employees to share their NetID usernames and passwords through a request to update credentials. Once they have your credentials, thieves use them to log into Human Resources systems and reroute payments to a different account.
Hackers also pose as HR or executive staff, spoofing email addresses and office signatures, giving the emails a valid appearance, and encouraging only email correspondence. In these targeted emails, scammers ask employees for social security numbers or other identifying account information in what appears like a work-related request. Once they have your stolen info, they can hack into your accounts.
What you can do
- Question emails providing clickable links or attachments asking for NetIDs, passwords or personally-identifiable information (PII). See TU’s Data Privacy webpage for examples of PII.
- Call or verbally ask the sender to confirm the supposed request for info. The Office of Information Security (OIS) in the Office of Technology Services (OTS) encourage open office dialogues so employees are comfortable approaching higher level staff to confirm if an email is legitimate.
Unsure or need help?
- If you’ve received an email in your TU account asking to update your TU credentials, forward it to phishing@towson.edu (from any device) or click “report phish” at the top of the Outlook email (on a desktop).
- If you need help, training or have any questions about recognizing phishing, please contact the Office of Information Security at OIS@towson.edu.
