Avoid being a victim of email scams
Information Technology-ComputingOver the past several days, JMU has seen a wave of phishing/email scams. The following advice is helpful to keep yourself protected whenever you receive any phishing attack:
- NEVER type your password into a Google Doc or similar web form that you reached from a link in an email.
- NEVER click “Approve” to confirm a Duo push that you did not initiate.
- IMMEDIATELY change your password if you receive a push notification you did not initiate, because you know someone else has your password.
- NEVER click on a link in a message that you suspect is a scam. In some cases, even if you do not enter your password, a scammer may get a token that allows access to your account (Read More). If you do click a suspicious link, immediately change your password.
- BE SUSPICIOUS if an email asks for an alternate email address. There is no reason a sender would not continue using your JMU email address for a legitimate email. Scammers prefer to contact you at alternate addresses to prevent JMU from blocking them when we learn of the fraud.
- IMMEDIATELY contact your bank and IT Security if you give away your bank account information.
- READ https://www.jmu.edu/student-employment/students/disclaimer.shtml for more advice on detecting job scams.
The current wave of phishing attacks has included multiple types of scams:
- One message is a job scam email containing a link to a Google Doc that requests information such as your password, alternate email, phone number, and/or bank account information.
- A similar job-related message asks you to reply with an alternate email address and phone number. The scammer will then lure you into a conversation and will eventually ask you for further information such as your bank account information.
- Another email is a notification that you have two different logins to two university portals. The email warns that JMU will terminate your account if you do not fill out a Google Doc, which asks for similar information as the job scam emails.
If you have questions, or if you question the legitimacy of an email, please contact the IT Help Desk at (540)568-3555 or helpdesk@jmu.edu. To report a scam email, please see the JMU computing website at: https://www.jmu.edu/computing/security/report-security-incidents-or-abuse.shtml.