What Is Phishing?
Phishing is the practice where a malicious person or people impersonate someone for malicious gain. These people will try and gain information, such as passwords or login information. Being aware of phishing attempts and following the points below will keep your information safe. If you believe your Siena Heights credentials have been compromised, immediately reset your password through MySiena or office.com.
As a reminder, IT will NEVER ask for your password! You should only enter your password into trusted websites!
Keeping Your Account Secure
Siena Heights IT recommends the below methods to keep your account secure.
Stay Alert & Use Common Sense
Common errors in phishing emails include grammatical errors and strange characters. If an email is difficult to read, or is short and simply asks you to open an attachment or view a link, it is most likely a phishing attempt.
If you click on a link, check the URL. If the website is trying to act or look like another website, close the tab immediately.
Call for Clarification
If you receive an email from a department, call them! Calling the on-campus office or person may reveal they never sent the request in the first place. If this occurs, contact IT immediately so we can investigate. Call x7655 and let our helpdesk know you have suspicious activity to report.
Grammatical Errors & Odd Requests
If you receive an email that seems unusual or questionable, do not reply or interact with the email. Attachments or links in questionable emails can contain viruses or websites that will steal your information. Always double-check the sender if you are suspicious of the email. Do not hand over sensitive information without verification as to why it is needed.
Follow-up for More Information
You can also send an email to ask for more information. If an email comes through from your “boss” but seems suspicious, send your boss a new email asking for clarification. Do not trust the email sent to be the real email address for your boss. If the email does not originate from sienaheights.edu and is impersonating a faculty/staff member, do not send sensitive information or reply.
Check the Sender of an Email
Check the address the email was sent from. Check the “Send Email” field after double-clicking. If the email looks suspicious and is not from a @sienaheights.edu email address, do not reply. You can contact the IT helpdesk by emailing us at helpdesk@sienaheights.edu or calling us at x7655 if you have questions about an email.
Account Security & Phishing Training for Faculty & Staff
IT Services provides training courses through InfosecIQ on keeping your account secure online. This training is available to all current faculty and staff. These courses also educate on the different types of phishing, how accounts get compromised, and what to look out for when visiting websites and emails.
To log in to the learner dashboard for InfosecIQ, visit the following page: Login Page for InfosecIQ
Interested students can contact the IT Help Desk for more information on how this training can be provided to them.
Common Phishing Requests
Below are common phishing requests. If you are asked to perform any of the following, be cautious as the email may not be a legitimate request.
- Purchase gift cards and send the codes via email.
- Open a document shared through Dropbox, OneDrive, Google Drive, etc. If you do not know the person sharing the document, never click on the link.
- Visit a page to login with your Siena Credentials.
- Visit a page to reset your password (Note: IT will never ask you to visit a page to reset your password. Only reset your password through mySiena or one of the computers on campus).
- Follow a link to increase your mailbox space.
The above are phishing attempts. Do not reply or engage with them!
Examples of Phishing Emails
The below image gallery is a collection of real phishing emails sent by malicious people. These emails work, and have been used to phish the SHU community. Click one of the below pictures to enlarge the view.
Fake file share request 
Fake job offer 
Fake job offer with link to a form requesting personal information