IT Warns Against Phishing Emails

IT Warns Against Phishing Emails


The security of personal information in the digital age is always at risk since threats can easily come from anywhere, including from trusted sources like Fordham University. Director of Information Technology (IT) Security at Fordham, Shannon Ortiz, sent out an email on April 21 alerting students and staff that phishing emails have recently been targeting members of the community.

By definition, a phishing email aims to collect personal or sensitive information from a user by masking itself as a legitimate entity. In this case, members of Fordham reported receiving such emails from valid Fordham University email addresses and contacts, which made the threat particularly widespread.

Elizabeth Cornell, the IT Communications Specialist for Fordham IT, when asked how many members of the Fordham community were affected by this incident,  stated, “We don’t have an exact number,” but continued, “many, many people received one or more of these phishing emails.”  According to Cornell, there is not a specific number of people that need to be affected before an alert is sent out. Instead, she said that this decision “depends on the nature of the phishing email,” and further that “these incidents are handled on a case by case basis.”

None of these emails is ever exactly the same and can pose varying levels of danger, so it is often difficult to defend against them. Cornell said, “Phishers [those who distribute these emails] are very clever people,” which is particularly evident given the way that the emails utilized identities of members of the Fordham community to reach users.

These types of emails also tend to target random members of a community, which makes it hard to prevent from the back end of the network. Cornell made it clear that the “first line of defense is the recipient.” To train users to be aware of these threats, the IT Department had sent out information alongside the alert that advised staff and students about preventive measures and indicators of potentially harmful emails. Cornell said that the Fordham IT systems “are monitored 24 hours a day,” for any such security issues

To conclude, Cornell stated that generally “We [Fordham IT] send out an alert if situation requires heightened community awareness.” She wanted to make it clear that “the community should always be aware.” As a community in the digital age, we should all recognize that such threats exist and make the necessary efforts to protect ourselves and others.

The following information was sent early in the afternoon on April 21. If you have experienced any such issues or are concerned with the security of your email, contact us at [email protected].

We have seen phishing emails with the following subjects:

  • Update
  • New Doc
  • Important
  • Important Message
  • Important!!!
  • Yahoo Security Update
  • Your Yahoo Account Safety Is Our Top Priority

If you believe you have received this phishing message, please do the following

  • Do not respond to the message.
  • Do not click any links within the message.
  • Do not provide any information such as a username (AccessIT ID) and password.

If you responded to the email and provided confidential information:

  • Contact Fordham IT Customer Care ASAP at 718-817-3999.
  • Manually reset your password and disconnect any active login sessions to your Gmail account.
  • Delete the message.

Email Security Tips:

  • NEVER give out your password to anyone, especially in an email. Fordham IT and any other reputable service provider will NEVER ask for your password or personal information via email.
  • NEVER provide personal or sensitive information in an email.
  • Do not click on links in emails. Enter valid website addresses into a browser manually.
  • Do not respond to suspicious emails. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.
  • Be wary of attachments, especially any you weren’t expecting. Send them to IT Customer Care and let the UISO scan them for you.
  • If an email looks fishy, it probably is a phishing email.
  • Do not be fooled by scare tactics threatening to cut off your email, expire your accounts, and so on. Go to the source (my.fordham, your bank, HR, etc.) and validate the claim, but do not rely on the information provided in the email.