TOOLS + TECH

IT issues warning about new email spoofing attack

Follow these 8 Do's and Don'ts to keep information and networks safe from scammers

IT at Johns Hopkins is warning employees to look out for a new email scam after several individuals received emails that looked like they were from a Hopkins executive but were actually sent from non-Hopkins email accounts such as AOL, Gmail, or Yahoo. The emails asked the recipients to modify direct deposit accounts, wire money, or forward gift cards.

This type of phishing attack is called spoofing, and the spoofed accounts can be very difficult to identify, especially on mobile devices.

"It is important that you be cautious about any email that asks you to perform an action such as changing a direct deposit, following a link, entering a login, or providing other personal information," says Darren Lacey, chief information security officer, in an email to faculty and staff. "In some cases, phishers use phony but realistic-looking websites, or email messages that appear to be from trusted businesses and brands, in order to steal information."

Lacey offered several Do's and Don'ts to protect yourself and the organization:

  • DON'T send passwords or any sensitive information via email.
  • DON'T click on "verify your account" or "login" links in any email.
  • DON'T reply to, click on links in, or open attachments in an email unless it's from a known, trusted, and verified sender.
  • DON'T call a phone number in an unsolicited email or give sensitive data to a caller.
  • DO be cautious about opening attachments, even from trusted senders.
  • DO look carefully at the URLs of sites where you are being sent.
  • DO look carefully at the full email address of senders.
  • DO send phishing, spoofing, and other suspect emails to IT. The address is the word "spam" followed by @jhu.edu.

"Everyone in our organization plays a role in making sure our information and networks are protected," Lacey says.

Posted in News+Info