Phishing Scam

3 09 2010

Heads up, y’all. If you get a weird-looking email from “The University of ScrantonScranton,” don’t click on the link – just delete it. This is a phishing scam. IR posted a notice about it on my.scranton last night:

There has been a fake phishing email sent to an unknown number of Scranton.edu email addresses. It is from webmasterr@scranton.edu and says the following: “Dear Web mail User, Due to congestion in all The University of Scranton!webmail users accounts,The University of Scranton!would be shutting down some webmail account.In order to avoid the deactivation of your webmail account,you will have to confirm that is a present use account by clicking the secure Link Below.The personal information requested is for the safety of your account. Please leave all information requested.. Please leave all information requested.” Please, if you receive this email, do not click on the link and enter your personal information. This email is not from the University and we would never request your personal information via an email.

——————————-

Update 9/7: This phishing episode sparked a bit of discussion about the timeliness of communication about significant technology issues.  Here’s what we’ve worked out as a timeline for the incident (thanks to Jim and Jeremy for hashing out the details):

  • Thursday evening: First phishing emails were received, and the TSC received numerous reports. The TSC notified the security manager, who blocked access to the phishing web site from the U’s network (though this wouldn’t prevent faculty/staff from getting there from their home ISP).  The TSC put a notice in the my.scranton portal around 6:30pm.
  • Friday morning: The TSC posted a note to Bboard.  TAG posted the notice to our site here (thanks to Jim for the heads up about it).
  • Friday noon: The Provost emailed all faculty about the phishing attempt.
  • Throughout the day on Friday, the TSC responded to several calls about the email. Sometime on Friday, the security manager contacted the host site and had the malicious site taken offline.

So it seems that from the IR side, everything went as planned — the information security manager was involved right away, notices were posted right away, etc.  However, anecdotally, it doesn’t seem like faculty or staff picked up on the alerts (especially the my.scranton notices) right away.  Most people didn’t seem to know about the scam until they got an email about it.


One response

11 11 2010
Meeting Notes 11/11/2010 « UofS Technology Advisory Group

[…] Sending email to all faculty that includes non-scranton.edu links is somewhat of an issue. IR wants to make sure that people are very cautious about what links they click on, in light of the many recent phishing attacks. […]
