Recently the school has come under attack from a massive email phishing campaign. The premise of the fake messages you may have received is that your email account is going to expire, there is something wrong with your payroll account, you have “1 new message,” or something similar. In all cases, the malicious message requests that you click a link, which then brings you to an official looking site (made to look like an Emerson site, such as eCommon or Emerson email) that will ask for your login and password to your Emerson account. The email may have even come from someone with an Emerson email address.
This is common when an account gets compromised – new phishing messages are re-sent to others at Emerson from compromised Emerson accounts. If your Emerson account gets compromised, your account will start sending malicious email and perpetuate this problem, and we will have to disable your email and notify you of what happened.
If you are a recipient of such an email there are a few steps that you should take:
Absolutely do not click on the link or type in your password if you receive any messages resembling what we describe above. Even if you’re unsure if it’s a legitimate message, err on the side of caution.
- To better investigate if the message is malicious, move your mouse pointer over the link. You will see that the URL IS NOT an Emerson address.
- Know that if the IT department requires you take action or log into a service, we will provide a more verbose description of what’s needed. Ask yourself, was this message sent by a human, or a bot?
- If you have any further questions or are unsure about the message, please email the Help Desk (firstname.lastname@example.org) or call them at extension 617-824-8080.
- If you have clicked a malicious link and entered your username and password you need to take immediate action. Visit password.emerson.edu and reset your password, or contact the Help Desk for assistance.
When we no longer have compromised users from this attack, the phishing messages will cease. Unfortunately, we have been managing the recovery of several dozen compromised user accounts.
Vigilance in this matter is the only way that we can combat this type of hacking attempt.