Services for Faculty, Staff & Students
Almost everyone has received them: emails from foreign ‘dignitaries’ offering millions of dollars if you get in touch (and send all of your personal information). These emails are so common, they’re easy to laugh off, but modern phishing and other scams designed to look like communication from banks or IT departments are getting increasingly sophisticated - even the most tech-savvy among us can get fooled.
Email Security Awareness
We are seeing an increase in reports of well-crafted emails also known as spam or phishing emails sent to users within the Saint Mary’s community that appear to come from other users within the community or other external email addresses.
Here are some steps you can take to prevent your email account from being compromised:
- Use secure email password. Preferably, use passphrase e.g. random common words.
- Avoid sharing your email password with others.
- Avoid using same email password or passphrase on multiple email accounts or websites.
- Whenever you reset your email password/passphrase, make sure your new password/passphrase is completely different from your initial one.
- Avoid clicking on links within your email. Instead, go to the website by typing the web address directly into your browser or hover over the link in the email to be sure it directs you to the expected website and not a malicious one.
- Be careful of emails that do not address you directly.
- Be cautious about opening attachments and downloading files sent to you in any email.
- Have an antivirus software installed on your device and continuously maintain the update.
- Saint Mary’s University ITSS will not ask for your account password via email.
If uncertain about any email that appears to come from IT, kindly reach out to ITSS Help Desk on 902-496-8111 or email@example.com to verify. If uncertain about emails received from others, call the sender.
New phishing emails targeting SMU
Various kinds of well-crafted emails also known as phishing emails have been reported at SMU with the following email subject lines listed below:
- “Your mailbox is almost”
- “Final warning”
- “Help desk”
These are four of the most recent phishing email subject lines that were received by members of the SMU community over the past couple of weeks. These emails appear to come from other legitimate users within the SMU community. Users should be aware that the above-mentioned phishing email subject lines are subject to change.
If you had received any of these phishing emails, please do not respond or click on any links. If you have responded to any of these phishing emails or clicked on any of the links, kindly change your password immediately. You can also contact the ITSS helpdesk for further assistance on 902-496-8111 or firstname.lastname@example.org
There have been reports of a particular kind of phishing email is being received by members of the university community.
See a typical example below:
iTune Gift Card Scam
In recent weeks there have been a number of iTunes Gift Card scams circulating via email. In these email scams, the fraudster pretends to be someone that you know, usually someone in a position of authority.
The messages usually appear as an urgent request for your help. The sender will indicate that they are unable to call or receive calls and request that you purchase a number of iTunes gift cards on their behalf promising reimbursement. You will be asked to purchase the gift cards, scratch off the label on the back of the card to reveal the hidden security code, and then email pictures of the cards.
With this information, the fraudster can claim the value of those cards and you will be unable to reclaim the money.
From: Jane Doe <email@example.com>
Sent: Monday, September 17, 2018 6:05 PM
Subject: iTunes gift card
I am tied up right now; please I need you get me iTunes gift card from the stores (4 pieces, $100 each.) Scratched it all and take a picture which clearly shows the codes and value of the cards, and send the photos to me here.
I will reimburse you when am through. Also, I would have called, but can't receive or call at the moment.
From: Jason Borne
Sent: November-29-17 8:28 AM
To: Firstname Lastname <firstname.lastname@example.org>
This is to notify all Students, Staffs in Saint Mary's University that we are validating active accounts. Kindly confirm that your account (email@example.com) is still in use by clicking the validation link below:
Validate Email Account
IT Help Desk
Office of Information Technology
Saint Mary's University.
From: Jane Dash
Sent: September-15-17 11:57 AM
To: firstname.lastname < firstname.lastname@example.org>
Subject: Validating.......< email@example.com>
This is to notify all users that we are validating active accounts.
Kindly confirm that your account is still in use by clicking the validation link below:
Was this helpful? Send feedback to Microsoft
From: John Doe
Sent: August 2, 2017 2:44 PM
To: John Doe
Subject: Outlook update.
All Staff and Students are expected to migrate to the New 2017 Microsoft Outlook Web portal to access the below, click here to migrate:
- Access the new staff directory
- Access your pay slips and P60s
- Update your ID photo
- E-mail and Calendar Flexibility
- Connect mobile number to e-mail for voice mail
Important notice: All staffs and students are expected to migrate within 24 hours to avoid delay on mail delivery.
On behalf of IT Support. This is a group email account and it’s been monitored 24/7, therefore, please do not ignore this notification, because it’s very compulsory.
**Note: This type of phishing email has a link in it with the aim of getting users into clicking on the link embedded in “click here”. It also communicates a sense of urgency to users to act immediately.
Remember, if uncertain about any email that appears to come from IT, kindly reach out to ITSS Help Desk on 902-496-8111 or firstname.lastname@example.org to verify.
From: Michael Luce [mailto:email@example.com ]
Sent: January-25- 2017 10:58 AM
Subject: New Invoice #2416-21
This email is being sent in order to inform you that a new invoice has been generated for your account.
Your Account Login: firstname.lastname@example.org
Your Account Password: mauler783
Please see the file that is attached.
The file is password protected to protect your information.
The password is 123456
**Note: This aim of this type of email is to get you attention and trick you to open the attachment which eventually in most cases infect your device and compromise your account.
This section provides the Saint Mary’s community with information on how to protect your information when using browsers, mobile devices, Java applications and the Windows operating system.
For more information on phishing and information security, view the Protect Your Information page, and other pages in this section.
Want tips on creating passwords that work, and other great ideas on how to secure your information? Check out the SANS Institute’s comprehensive Security Awareness Tip of the Day site.