Carnegie Mellon University
Tuesday, March 22, 2016

Campus Scam Alerts

Dear Faculty and Staff, I am writing to alert you to a number of recent -- and, unfortunately, successful -- email phishing scams that have been received by faculty and staff at Carnegie Mellon or by other schools. These scams target Workday users, DropBox users, Blackboard users, and research faculty with the goal of capturing login ids and passwords for various purposes. They impersonate our official email addresses and service providers. The email messages and websites they lead to are sophisticated, look legitimate, and require due diligence in detecting and reporting. See additional details for each of these scams below. As April 1 approaches, a day notorious for pranks and scams, please be on increased alert for scams: Avoid clicking on links or opening attachments in unexpected email; Check in with senders to be sure a message is legitimate before taking action; Never send your username and password in response to an email, no matter how urgent sounding; Validate URLs or use known good URLs or bookmarks to navigate to university services; Question unexpected callers before providing requested information. If you receive suspicious emails, phone calls or other forms of contact, please report as soon as possible to The ISO will triage the situation and if necessary block campus access to malicious destinations, notify affected parties, and take other actions to contain harmful effects. The sooner you report, the sooner we can protect. From the entire ISO team, thank you for remaining vigilant, reporting concerns, following procedures, and assisting in our response efforts. We appreciate your partnership in keep CMU's data, systems, and networks secure. Thank you, Mary Ann BlairDirector of Information SecurityCarnegie Mellon
Load more articles