Recent Influx of Spam and Phishing Emails

The IT division was made aware of multiple spam and phishing attacks aimed at our University community. These attacks were sent from compromised user accounts at our university resulting in these emails to seem more legitimate. IT provides multiple pages on our website offering common phishing tactics and ways to stay safe online. You can review these helpful tips by visiting our Phishing & Account Security page, or by clicking on the page link below.

In regards to the specific emails that were sent out today, we will go into further detail on how to detect these as phishing/scam emails below. The emails being referenced were titled “mySHU Email – Account Recovery” and “Having trouble making payments”.

Verify the Email Sender

The messages earlier today were all sent from Siena Heights University email addresses. That would make them legitimate, right? Unfortunately, not really. If an account is compromised, either through one of these phishing forms or the use of a re-used password over multiple accounts, other Siena Heights University accounts may send out malicious emails. IT has measures in place to catch most of these compromised accounts before they can send out spam, but these attackers can manage to bypass these measures.

Every spam/phishing email sent out on January 26 was sent from a compromised student account. These emails were asking other students, faculty, and staff to confirm their account information, and to verify payment details to the university. It should be noted that these two requests will NEVER be asked over email, especially by fellow students. You will also NEVER be asked for your password in for verification by IT or any other member of the university.

How can you tell whether these are students or legitimate staff/faculty? If you are using either the Outlook Desktop App (installed on every university PC on-campus) or the web version of Outlook (https://outlook.office.com), you can hover over the sender’s name and/or profile picture to gather more information. All staff at our university are marked with the “Staff” text. All faculty/instructors are marked with the “Faculty” text. Students will be marked either with “Undergraduate Student” or “Graduate Student” depending on the program they are in. With this information, you can determine whether the sender is a student, faculty, or staff member.

Display of the text for staff, student, and faculty via the Outlook profile.
Text displaying under the name and profile pictures of email senders in Outlook. You can view this text by hovering over the name or profile picture of the sender.

Do Not Click Suspicious Links

If you receive an email asking for account or credit card information, it is most likely a scam or phishing attempt. By hovering over linked text or a link in an email, you can see what website is linked. For example, by hovering over the link in one of the emails from this morning, you would see the link takes you to a website hosted at https://sitebuilder.name.tools. For an email requesting such sensitive information relating to your SHU account, a website like this should never be collecting important information.

It is also important to note that the university will NEVER send out Google Forms to collect personal information, especially passwords. Google has taken measures to remind users of this as well by adding the text “Never submit passwords through Google Forms” at the bottom of every form. If you see a Google form asking for personal information, especially passwords, do not submit the form and close out of the tab. If you would like to be proactive, you can also report the form for abuse using the “Report Abuse” link at the bottom of every Google Form.

Google Forms submit button with the text 'Never submit passwords through Google Forms.'
Reminder on every Google Form to never submit your password.