Security Tip: SHSU Email Phishing Attempt

IT_Cybersecurity_CampaignGraphic_Standard_color


What happened?

On February 7, 2019, our university experienced a large-scale phishing attempt that sent over 6 thousand emails out to SHSU students, faculty and staff. Cybercriminals sent emails using seemingly legitimate subject lines to get SHSU recipients to open the email and click the link in the message. This link sent the reader to a malicious site that asked for your SHSU username and password. The message of these emails is similar to the example below:

Message_phishing

With the quick thinking of our university community, these emails were reported allowing IT@Sam to respond quickly. The phishing attempt was contained and the malicious site is now removed with no harm to SHSU.

How can you continue to protect yourself and the university?

The answer is simple. …Remember to “Stop. Think Protect.”

STOP.

  • Be wary of emails with subject line that seem unusual.
  • Look for hyperlinks or attachments that are trying to send you to a website.
  • Practice caution when these links send you to the SHSU login page.

THINK.

  • Do you know the sender?
  • Is the subject unusual for the sender? E.g. An email from a student notifying the university of a construction closure.
  • Is the body of the message unusual? E.g. No verbiage, just a link trying to send you to a website for “more information”.

PROTECT.

  • If you know the sender, call or text them to confirm they sent the email and report it if they didn’t.
  • Don’t enter your SHSU username and password when sent to the SHSU login page from a link in your email.
  • For your SHSU email account, report suspicious emails to abuse@shsu.edu.