Below we have listed a number of phishing / spoofed / scam emails that are actively circulating among colleges and universities. Please take the time to review these and be aware that the scammers will likely change the content and email subject lines, but the main purpose of the email will remain – to phish your personal and sensitive information.

<><><><><><><><><><><><><><><><>

Registration Request Received for Your Microsoft Teams

Online scammers are sending Teams invites made to look like they come from a Microsoft account reaching out about a missed payment. Recipients are asked to call a phone number to resolve the problem and pay. If you receive an email like this, do not call the number, and delete the email.

Payroll Notification.

This type of email is especially dangerous as it asks the recipient to open an unsolicited PDF document and often comes from a COMPROMISED Elon account. If you receive a message from any @elon.edu account asking for credentials, please delete the email. Do not respond to it, open the attachment or click on any embedded links.

Share – Faculty Evaluation – Response Needed ASAP

Within the body of this email, the text often states that it is coming from Dr. Connie Book or it will state that “Dr. Book would like you to review this file.” Please be aware of how faculty evaluations are performed at Elon and DO NOT respond to these emails with your credentials or any personal information. Unfortunately, these messages often come from a COMPROMISED Elon account.

[EXT] IT ADMIN shared “Elon University__20242005.pdf” With You

If you receive this type of message, please delete the email. Do not respond to it, and do not open the attachment or click on any embedded links. If you think the message may be valid, please forward the message to infosec@elon.edu and let us review it before you take any other action.

Beware of Fake Job Offers or Research Opportunities

These types of email messages include a variety of subject lines and generally appear around the beginning of the academic year. Students are targeted by phishing emails that include fake job offers, personal assistant offers, retail jobs, and research opportunities and may appear to be from legitimate businesses. Often these messages ask students for personal information.

In addition, entities posing as Elon faculty may offer work programs in exchange for a “check” or “gift card”. These are common scams that seek to extort money from victims. Elon University has a strict process for student employment of any kind. Please check with Human Resources before responding to any job offer and NEVER provide any personal information in email.

EMAIL CONFIRMATION REQUIRED

This phishing attack often comes from spoofed or compromised Elon accounts. If you receive a message with the subject line of: “Email confirmation.” from any Elon email account, please delete the email. Do not respond to it and do not scan the QR code or click on the embedded links.

Access Denied / Account Suspension

This is a phishing email that threatens loss of an account or account access if a “revalidation” or “reset” action is not performed. Often the link will send the victim to a malicious site that will ask for sensitive information, likely username and password, or some other personal information (address, phone number, banking information, etc.). They may use a QR code, which makes inspecting the link particularly difficult for the victim. Never access a QR code in an email or text message.

IT University Email Out-of-Date

This is a phishing email that often appears to come from a support individual at Elon. The email claims the recipient's account settings are out-of-date and must be updated. NEVER supply your credentials and immediately delete these types of emails. If you have already submitted the form, immediately reset your Elon Account password and alert the Technology Service Desk at (336) 278-5200.

Phishing messages often try to prompt user action through a false sense of urgency involving account maintenance or mailbox deletion. Recent phishing attempts have introduced a prompt to accept MFA call notifications as well. Elon strongly encourages the use of Duo push notifications to registered Duo devices over call prompts.

XXXXXX Wants to Share a File With You

Online scammers are now using cloud services like Office 365 to steal user credentials. File sharing among colleagues and others within these services has become a common practice, and cybercriminals know this. Before responding to any file share request, VERBALLY confirm the request with the sender. Often these types of messages come from COMPROMISED Elon accounts.

Seasonal phishing attacks

Online scammers are very familiar with university operations. They know when to send certain types of emails based on the time of the year. Be familiar with the phishing threats listed below as they will pop up in our environment throughout the year.

  • Spoofed emails can come from a colleague, professor, department, or a person in authority. Ensure the name and email address on the message correspond. Spoofed emails are NOT an indication that the account has been hacked. Common spoofed emails include Gift Card Scams and Money Transfer Scams.
  • Fake job offers from faculty and staff. Understand how student job offers are advertised and processed at the university.
  • Fake transcript offers from spoofed accounts. Understand how students should obtain a copy of their transcripts.
  • Fake computer account warnings – know that Elon will never threaten that your computer account will be suspended or deleted.
  • Any message marked “Urgent” or messages that sound threatening, as phishers use that technique to scare individuals into acting quickly.
  • Messages that ask you to provide sensitive information such as your user-id, password, SSN# or banking information, as NO legitimate company will ask you to share these over email or a text message. Emails requesting credentials to access a file are often phishing emails.
  • Messages that request credentials for spoofed Google or SharePoint file sharing. Unless you verbally confirm the request with the sender, you should delete the message.
  • Phishing is not just for email anymore. Phishing now happens via texting, phone calling, and voicemail.

Knowing Elon’s business practices for job postings, transcript requests, HR procedures, file sharing practices and computer account changes and updates is your best protection against getting phished!