July 24 – Phishing Alert

A phishing attack that has been delivered to some users’ mailboxes.  In most of the cases that we know of, the offending message has been properly marked as spam, but there is at least one report of the message coming through directly.

The attack takes the form of an e-mail that claims to provide links to an updated version of Outlook Web Access (OWA).  In reality, the message provides fraudulent links to a malevolent Web site that looks like OWA but actually records your username and password for illegitimate use.  If you enter your username and password, it will redirect you to our actual OWA login page, but the damage will have been done (your username and password will have been collected).  If you believe you may have clicked on this link, please change your password immediately by logging into ePortfolio and choosing the Password Manager tool under the Tools and Links section.  Contact your Desktop Support Specialist if you have any questions.

We are taking steps to block access to the illegitimate site and prevent any further delivery of the e-mail.

Please remember these guidelines that will allow you to identify a phishing attack:

1) ITS will never send an e-mail that includes a link to a page that requests your username and password.  If you receive such and e-mail, no matter how convincing, you should assume it is illegitimate.

2) Any communication from ITS will always be signed by a representative of ITS.  If it is unsigned or includes a general signature such as “Wesleyan ITS”, you should assume it is illegitimate.