LTS, in collaboration with our information security consultants, GreyCastle Security, conducts an annual “Phishing Test” by sending an email to our Students, Faculty and Staff that mimics a real world phishing scam. This email was sent over 5 days during the week of May 6th as a part of our information security education and awareness program.
Students received a message from a suspicious address and the name “Campus Wellness,” referencing a free $5 Starbucks giftcard. Faculty and staff received a message from a suspicious address and the name “IT Help Desk,” referencing a policy change and threat to terminate your account if you did not click on the link. If you clicked on the links in either of these messages, please be advised that your account is safe. Anyone who clicked through these messages was ultimately brought to a page that provided information on how to recognize phishing attempts. LTS will be following up with these individuals in the coming weeks.
We realize that some of you may view this as an annoyance. Unfortunately, our community receives constant phishing attempts, and it is essential that we increase community awareness. An annual phishing test is one of the suggested methods by the experts in the field.
Many of you contacted us to make us aware of the message you received, so, thank you. Since we were sending it out over a period of time (in order to avoid Google detecting it as a phishing email and stopping its distribution), we did not want to reveal this information too early by posting our usual phishing warning to campus.
To spot a potentially malicious message in the future, it is important to check:
- The name or department to make sure it’s valid.
- The sender’s email address by clicking on their name, or make sure it correctly matches the sender’s name.
- That the links in the message are valid by either going directly to the site instead of clicking on the links, or hovering over the links to make sure they go to the correct website.
Official College communication will always be signed by a staff member’s name and contact information, which can easily be verified should a message look questionable.
For more tips: https://www.wellesley.edu/lts/techsupport/security/internet/phishing
To: Faculty, staff and students
From: Heather Woods, LTS, x3175
More Info: LTS Computing Helpdesk, x3333 (Fac/staff), x7777 (students)
