Phishing activity targeting students, faculty, and staff is on the rise. We encourage all members of the MHC community to be vigilant and always err on the side of caution. If you suspect you've been targeted by a scammer or phishing attempt, please report it to the Technology Help Desk immediately.
Common phishing schemes right now include:
- Covid-19 vaccine scam: Scammers take advantage of health scares to distribute phishing scams. The COVID-19 pandemic continues to spawn dozens of such campaigns, scaring recipients into clicking on harmful links or attachments in emails, text messages or social media posts. Examples of COVID-19 phish scams: Fabricated notices from health organizations (e.g., the CDC or local/state health departments), fake updates from an employer about policies or procedures to address the risk, phony websites containing maps and dashboards, information about protecting yourself, your children or your, community that contains malicious links or attachments, charitable appeals to help victims of the virus, which are not legitimate. Protect Against COVID-19/Coronavirus Scams: Be vigilant for COVID-19/coronavirus scams during the coming weeks. If you suspect a message may be a phishing scam, please report it by forwarding the email message to firstname.lastname@example.org
- Back to Work scam: Using a fake internal memo from HR, per-user custom-named email attachments, and a realistic-looking HR form, this phishing attack has all the ingredients to trick you. At the end of the HR form, you would simply be asked for your email address (which is presumed to be your username) and then asked to enter in your password as a means to establish identity as part of agreeing to the presented HR policies. Anyone who understands when and where passwords would be used can easily see this isn’t one of those times. The scam is a good one – it uses evasive techniques to ensure delivery, establishes legitimacy and urgency, and quickly seeks to reach its malicious goal. Those of us who have undergone Security Awareness Training should be able to spot this as being a scam, keep our credentials – and MHC – secure.
- Employment scams: Students should be especially suspicious of job postings/offers that seem too good to be true. Scammers advertise jobs exactly where real employers do, including popular websites and the classifieds. They may say they’ve got a job waiting, or guarantee to place you in a job, if you just pay a fee. Legitimate employers and firms DO NOT ask you to pay for the promise of a job. Watch the FTC's video on job scams for more information
- Imposter scams: If someone in authority sends you an email asking “Are you available?” Be careful, it might be a scam. The message appears to be from someone you recognize and trust (like your boss, a Dean, or trusted colleague), but look closely at the email address. Is it the right format or address? These attempts often result in a request for you to buy gift cards. Don’t take the bait.
- Payroll Phish & IRS/Tax scams: Tax season is often a busy time for scammers and phishers. They use this season to try to steal your personal information. The IRS will never email or call you. If a message looks to be from your payroll department, scrutinize it very carefully. If something about the email seems “phishy,” do not respond and do not click on any links or open attachments.
Visit Security and privacy and Phish Bowl fraudulent email alerts for more information about what phishing is, preemptive ways to protect yourself, how to identify fraudulent emails, and what to do if you receive a suspicious message. The Phish Bowl is a record of the latest phishing attempts perpetrated against the MHC community. Check the Phish Bowl to familiarize yourself with what confirmed phishing attempts look like and/or see if others have received the same suspicious email as you.