As some of you may be aware, Northeastern University has been the target of multiple phishing campaigns over the past few months that impersonate leaders at the university, including deans, directors, and department chairs. These emails often express urgency and indicate that the sender is unavailable to speak by phone. They request personnel to purchase gift cards in varying amounts through whatever means they have available to them and to provide the codes via email.
Information Technology Services (ITS) continues to work diligently to defend our campus by implementing technical controls and leveraging third-party services to deflect and intercept these kinds of attacks. You can help in the effort to protect our community in the following ways:
- Alert your staff and colleagues of the phishing activities described above and set expectations about the types of communications they can expect to receive from you.
- Advise all of your faculty and staff, regardless of role, to continue to be cautious of any emails that appear to be coming from leadership or other key university personnel, that request gift cards to be purchased or conduct other financial-related activities on their behalf.
- Be wary of emails with spelling and grammatical errors, and with unfamiliar email addresses in the sent from line. Emails of this nature often come from outside of the university.
- Send any suspicious email to email@example.com to validate whether it is phishing.
This nationwide scam poses a significant risk to our university, our reputation and, far more importantly, impacts our faculty, staff, and students. These threats and others, such as ransomware, have increased exponentially globally and show no signs of abating. As scams become more and more sophisticated, the single most effective defense is you, our user community. Your keen awareness, coupled with a healthy dose of suspicion, especially when an email seems “off” or outside of the normal communication from the university, is invaluable.
If you have any questions or feel your account may have been compromised, please contact the ITS Service Desk immediately at 617.373.4357[HELP] or email firstname.lastname@example.org.