Members of the Johns Hopkins community are being targeted by a phishing scam in which an email appearing to be from the institution says, "You have an important message." It asks the recipient to click a link to a login page that may look real but is a fake page intended to steal login credentials.
Do not open it.
In an email alerting the university community to the scam, Stephanie Reel, vice provost for information technology and chief information officer, and Darren Lacey, chief information security officer, explained how employees should protect both personal information and the security of Johns Hopkins' systems.
"Please be extremely cautious about any email that asks you to follow a link and enter your login or other personal information," they wrote.
Here are the steps they encourage email recipients to follow:
Before entering any information on a webpage that you believe is from Johns Hopkins, check the URL, which is the website address found at the top of the page. Johns Hopkins' login page address starts with login.johnshopkins.edu/. The URL of a fake page may include the words "Johns Hopkins" or "JHU" or "JHHS," but if it does not follow this format, you are not on the actual login site.
If you receive an email message in your Johns Hopkins inbox that you suspect is a phishing scam, forward it as an attachment to IT and then promptly delete it. The address to use is the word "spam" followed by @jhu.edu.
More information about protecting yourself from phishing scams is on the IT website, which can be accessed by entering it.johnshopkins.edu in your browser and, when you get to the page, clicking on the security link in the navigation bar.