Due to a rise in targeted scams against the University community, the Information Security and Assurance team would like to share some information to safeguard your account and information.
A phishing scam is one where an authentic-looking email or text message is sent to you in an attempt to gain access to your PII (personally identifiable information) or your Fordham accounts. These scams consist of several parts:
How Do Phishing Campaigns Work?
- A scammer guesses or gains access to your password through social engineering or malicious links.
- They then send you a DUO prompt (text, call, etc.) after attempting to log into your account.
- You provide the DUO approval, believing it to be legitimate.
- The scammer then accesses your email to send out thousands of similar scam/phishing messages to other Fordham students/faculty. These messages can contain fraudulent job postings or research opportunities.
- The emails attackers send out from your account will often include a link to a Google Form or another non-Fordham-sanctioned medium to request information from others, such as:
  - Full name
  - Home address
  - Phone number
  - Social Security number
  - Bank account information
  - Pet names, or other information about yourself that seems benign but can be used to gain access to other accounts.
What Happens Once You Start Corresponding With a Scammer?
Once someone falls for a scam, the attacker may ask the student to cash a check and send them money back as part of the student’s job responsibilities.
However, the check the scammers send victims is fake. Once the check bounces, the deposit is reversed, but the money already sent to the scammer is still withdrawn from the victim’s account, leaving the victim responsible for it.
These scams require several steps to work, but even partial success results in mass disruption to the University community and its individual members.
How To Avoid Falling For Phishing Scams
- Make Your Passwords Hard To Guess.
  - Avoid using pet names, family names, addresses, nicknames, or birthdates.
  - The longer the password is, the harder it is to crack.
  - Use phrases instead of single words.
  - Use numbers and symbols as substitutes for letters. For example: F0rdh@mR@m$ instead of FordhamRams.
- Do Not Share Your Passwords With Anyone Else.
- Do Not Reuse Passwords.
  - Keep a password manager to store your passwords securely and avoid reusing passwords.
- If You Didn’t Log In To Your Fordham Account, Don’t Accept Any DUO Notifications.
  - Do not click the green check box.
  - If you receive a call from Duo Mobile asking you to authenticate, press 1.
  - Do not give the texted code to anyone.
These are safeguards to ensure YOU are the person who is accessing private applications. If you are not the person requesting DUO authentication, then someone else is. Don’t give them access!
- If You Receive An Email With A Link And Are Unsure Of Its Legitimacy, Do Not Click On It.
- If You Believe An Email Is Phishy, Report It!
  - There is a reporting method built into our Gmail solution, called Cofense Reporter.
  - Information Security & Assurance will respond to your report within 2 business days.
- Do Not Fill Out Forms From People You Don’t Know.
- Do Not Cash Checks From People You Don’t Know.
  - If the check is written on an overdrawn or closed account, you will be held accountable for the funds and any fees the bank charges.