A number of Fordham users have received phishing messages from senders with the address format “firstname.lastname@example.org.” The subject line is some variation of “Payroll Schedule Message.” The messages contain links to a fraudulent sign-in page that mimics the login page for my.fordham.edu. This message is NOT legitimate and is part of a credential-harvesting scam.
Here is an example message:
This is the fraudulent login page. Note that the URL is not associated with Fordham at all:
If you believe you have received this scam message, please do the following:
• Do not respond to the message.
• Do not click on any attachments or links.
• Do not call any number listed.
• Do not provide any private information such as username and password.
• Delete the message.
• If you clicked any links, responded to the email, or provided sensitive information, please contact Fordham IT Customer Care ASAP at (718) 817-3999 for instructions on how to manually reset your password.
Please note: Genuine Fordham employees will only use their @fordham.edu email address. Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.
You may also report potential phishing and malicious emails with one click from your Fordham Gmail safely and in real-time with the Cofense Reporter Gmail add-on. You can learn more about Cofense here: https://itsecurity.blog.fordham.edu/2018/10/04/introducing-cofense-reporter/
If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.