July 21, 2021
Protect your College Account from Email Phishing Campaign
What’s Happening:
Our college community is continuing to experience phishing campaigns resulting in thousands of emails distributed to the community from compromised college email accounts. The most recent has targeted our students. The email describes a job position for a personal assistant and is sent from a faculty or staff member’s college email account. This is a scam that encourages you to input personal financial and cell phone information. Please delete immediately.
What to Do:
The best defense is to maintain vigilance and practice safeguards to protect your college email and personal email as well as your personal information!
If you have already responded to the email and/ or provided personal information, change passwords to your personal accounts, notify the appropriate institutions, and continue to delete any suspicious emails or phone texts. Help on changing and managing your password can be found at https://password.esc.edu.
Multi Factor Authentication (MFA) for your college Microsoft 365 products, including email and OneDrive is now available. To request MFA for your college Microsoft 365 account, go to www.esc.edu/getMFA
Information Technology Services (ITS) offers an Internet Security Training video course that provides information on how to identify potential phishing and internet fraud, including security practices for both personal and professional use. You can share this with family and friends! The course is found in the college’s training platform KnowBe4 and can be accessed using the instructions found in the knowledgebase article: Internet Security Training for Personal and School Information.
If an email is suspicious to you, take the following actions:
- Question the sender. Do you know the individual? Does the content seem strange or unusual coming from them? Better to delete the email and confirm later than to risk falling for the scam!
- Do not forward the email to others. This exponentially increases the opportunity for the attack to be successful.
- Do not click links in the email.
- Do click the Phish Alert button to report the email to ITS and delete the email from your inbox. Please see the additional information on Using the Phish Alert Button.
- Delete the email. If you are on a mobile device or a web application and the Phish Button is not available, go ahead and delete the email.
What to Expect:
ITS will continue to monitor and remove identified suspicious emails from college email accounts. Please note, once a suspicious email reaches a personal email account, the college cannot remediate the emails. Taking steps outlined above will help protect your personal email.
College personnel will never ask you to share a password via email or phone text. Any communication regarding password management will direct you to our password management web page (https://password.esc.edu ) or to the Microsoft Self Service Password Reset (SSPR).
The college will not ask for specific financial information directly with email. The college provides websites and tools for you to access and manage your financial information for college business (MyESC, Touchnet).
As always, if you have questions about a suspect email or have a concern that your account may be compromised, please contact the IT Service Desk at 1-800-347-3000 ext. 2420 or 1-800-HELP-009.