An increase in phishing messages
At the start of the New Year, Elon University experienced an influx of phishing schemes to user email accounts. These schemes targeted faculty, staff, and students. Unfortunately, malicious users have done an increasingly remarkable job at mimicking Elon accounts. Read on for best practices to safeguard your account.
Never provide your password
The most recent string of phishing scheme emails prompts users to click a link, which opens a page where they can provide their username and password, seemingly to verify their account. Similar emails threaten that accounts will be disabled if users do not fill out a form. Phishing attacks often boast real logos and appear to have come from an actual organization, but those characteristics are frequently nothing more than copyright infringements and faked addresses.
It’s important to remember that Elon University will never ask you to provide password information. The only communications you will receive from Elon regarding your account password will notify you that your password is set to expire. You will be prompted to reset your password through our secure Self-Service Password Maintenance Site. This site will walk you through the process of changing your password, but it will not ask you to provide your password solely for informational purposes.
Be wary of attachments
You should never open email attachments unless you explicitly trust the source and are expecting the attachment. In the past, some compromised user accounts have sent out emails supposedly sharing files through Dropbox. While these emails appear legitimate, the Dropbox attachments have been known to deliver viruses or malware to user machines.
If you receive an unsolicited email attachment, you should reach out to the sender to make sure it is legitimate. When in doubt, ignore and delete the email.
Don’t reuse passwords
If you inadvertently respond to a phishing scheme, you should change your password immediately at the Self-Service Password Maintenance Site. Most importantly, you should not reuse passwords or change passwords by just one or two characters. Here are some tips for password security:
- Make passwords complex. Use a combination of uppercase letters, lowercase letters, numbers, and special characters such as !, $, %, or &.
- Don’t use a variation of your name, username, or initials.
- Never use ‘password’ as your password.
- Change the numbers and words used in passwords on a regular basis, preferably once every six months, and at least once per calendar year.
If you ever doubt the legitimacy of an email you received that discusses account security or threatens that your account will be disabled, contact the Technology Service Desk at firstname.lastname@example.org or by calling us at (336) 278-5200.
Image of a recent phishing scheme targeting Elon users