Watch out for new phishing scam

The Johns Hopkins community continues to be targeted by phishing scams in which emails appearing to be from the institution attempt to get recipients to share their login credentials. This time, the phishing email says, "Your JHU account needs to be validated," and it has a link to a fake login site.

All faculty, staff, and students need to be extremely cautious about any email that asks them to go to a web page and log in.

In an email alerting the university community to the scam, Stephanie Reel, vice provost for information technology and chief information officer, and Darren Lacey, chief information security officer, reminded employees to take steps to protect both personal information and the security of Johns Hopkins' systems.

• Before following a link in an email, point your mouse at the link until the URL (the web address) appears, allowing you to see where the link will take you. Johns Hopkins' login page address starts with login.johnshopkins.edu/. The URL of a fake page may include the words "Johns Hopkins" or "JHU" or "JHHS," but if it does not follow this format, you are not going to the actual login site.
• Before entering any information on a web page that you believe is from Johns Hopkins, you also can check the URL in the box found at the top of the page.
• If you receive an email message in your Johns Hopkins inbox that you suspect is a phishing scam, forward it as an attachment to IT and then promptly delete it. The address to use is the word "spam" followed by @jhu.edu.

Over the next several weeks and months, IT at Johns Hopkins will be conducting anti-phishing awareness campaigns that may involve sending their own, nonharmful, phishing-style messages to assist in their analysis. Individuals who open links or send credentials to fake sites as part of a Johns Hopkins test will receive awareness-raising information.

"This technique of real-time awareness has proved effective at other institutions and is widely practiced," Reel and Lacey said in their email.

More information about protecting yourself from phishing scams is on the IT website, which can be accessed by entering it.johnshopkins.edu in your browser and, when you get to the page, clicking on the Security link in the navigation bar.