Our email systems have been experiencing a high volume of fraudulent email messages asking users to provide account information by clicking a link and then entering personal account information on a web form, Google doc, or via email. These attempts are known as “phishing” and are an identify theft attempt.
Important notes on phishing
- HSPH Department of Information Technology will never ask you to send your password via e-mail or complete a web form asking for username and password of any system. In fact, the HSPH IT Office does not know your password for any system. If you forget your password to any system, we assist you with resetting it.
- Most phishing attempts are caught by spam filtering; however, the attempts are constantly evolving and improving. A few attempts do pass filtering.
- HSPH IT reports known phishing attempts to both Harvard University Information Technology and Google (if a Google doc is involved for data collection).
I received a phishing email. What do I do?
- Delete the message. Do not click any links or provide any information.
- You may also forward the email to firstname.lastname@example.org for reporting.
How do I tell if it is phishing?
- Any message asking for your username and password is phishing and fraudulent.
- Other clues to look for include:
- Odd URLs that may contain HSPH or Harvard, but link to .com addresses
- Poor grammar and misspellings
- Poorly or incorrectly used HSPH or Harvard logos
- Dramatic language about your account being closed, suspended, … “failure to respond will result in immediate account suspension”
- Link to Google docs spreadsheet to provide personal information.
I was the victim of a phishing attempt. I entered my data. What do I do?
- Change your passwords immediately for any affected account.
- Please contact the HSPH Helpdesk for further guidance, 617-432-HELP.
Example Phishing Attack:
Your mailbox have exceeded limit set by the Admin due To hidden files And folder On Your mailbox. You will not be able to send or receive mails except you re-validate your account and complete the required details now
To re-validate your account CLICK HERE or visit http://www.example.com/
This is a growing problem for email systems everywhere. Below are some resources for further information on the issue: