Don’t fall for it! The Office of Information Security (OIS) in the Office of Technology Services (OTS) warns about a phishing technique that is being used to target faculty and staff.
About the scam
Hackers use the name of an upper management TU employee in your department and ask if you’re “available.” Your response confirms your account is active and they’ve got you on the hook. This gives them the opportunity to start scamming you by asking for sensitive info, or asking you to make a “work-related” purchase for them (posing as your boss). See a PDF example of this type of phish.
Because phishing scams are getting more efficient, OIS advises taking an extra minute to look at the sender’s actual address, not just name, before responding to any email.
What you can do to protect yourself and TU
If you receive this or a similar suspicious email in your TU account, follow these steps:
- Verify the sender’s email address. If you do not recognize the sender’s email address, do not reply or engage with the sender. On a desktop/laptop you can see their address next to the screen name. To reveal the address when using the Outlook app on a mobile device, click on the sender’s name (NOT the link in the email).
- Pick up the phone and call the supposed TU sender. If your boss or coworker asks for any sensitive information, or for you to make a purchase, call to confirm the request.
- Report the email. If using a mobile device, forward it to email@example.com. If using Outlook on a desktop/laptop can click the “report phish” button at the top of the email. Both of these actions send the email to OIS for review.
- Delete the email.
For more resources on how to recognize phishing, visit www.towson.edu/phishing.