Beware of scams via Microsoft Teams

Information Technology recently notified the JMU community about a wave of email scams (known as "phishing") that came from accounts within the JMU system over the past several weeks. Typically, these types of phishing attacks are sent when an attacker gains unauthorized access to an account, retrieves a list of email accounts from the directory, and then sends scam emails from the compromised account. These types of messages may include links to fake login screens (in an attempt to steal more account logins), messages that urge the user to input bank account information, fake job solicitations, etc. This is why a strong password, combined with the user only accepting Duo pushes that they initiated, are the best line of defense for preventing compromised accounts.

Unfortunately, if an attacker does gain access to a user's Microsoft account, then it is possible that similar scam messages may be sent via Microsoft Teams. To keep campus cyber-secure, IT highly recommends that all users exercise extreme caution when receiving messages via Chat or Channel Conversations in Teams that they were not expecting, especially if those messages contain links that they were not expecting. The same advice previously given regarding email scams applies to Teams messages as well!

A good phrase to abide by: "If you weren't expecting it, don't accept it."