Despite more than a dozen (really!) levels of protection between the internet and your JH mailbox, there is a constant dribble of criminal email into our systems. Most computer crime is inexpensive or free to commit, meaning that even a very small chance of payoff can still reward a criminal’s effort. At the same time, this fraud is incredibly annoying for computer users in terms of lost productivity and occasionally causes financial harm.
By now most people are used to dealing with these issues, but we want you to be safe and are collecting some overview information here on how to respond to these threats.
- Under no circumstances will WSE leadership ask you for your cell phone number, gift cards, or other cash. Email asking for those will often appear to come from faculty or administration, but will actually be from a free Gmail address with a fake return name. These are a scam and do not mean that the sender’s email has been compromised. The scam usually works by having the victim purchase gift cards and text images of the cards’ codes to the scammer.
- Your defense is to forward the suspicious message to email@example.com so it can be investigated and tagged for the rest of the community.
- We suggest turning on the EXTERNAL EMAIL – USE CAUTION flag on your mail to make these scam messages more obvious.
- Be very careful of pages where you enter your JHED (JH login username and password). Phishing emails will often send you to a faked login page and record the credentials you type in there. REAL JH sites should all have the same appearance you’re accustomed to from sites like MyJH – the blue page with a white center, with username and password on different screens. The host for a valid login page should be login.microsoft.com. If you’re at all suspicious, consult firstname.lastname@example.org.
- The IRS will never call you demanding immediate payment or a specific payment method, ask for credit cards over the phone, or threaten immediate arrest. In past years we have seen waves of emails, text messages, and phone calls impersonating the IRS.
- Your defense is to file your taxes early, to prevent fraudulent filings in your name, and to use the secure online delivery of your W2 documents.
- All legitimate federal tax payments are made to the US Treasury, not to any third party.
If you’re at all unsure about the authenticity of some communication, the best answer is to send an email to email@example.com, or for payroll-related issues to contact WSE’s HR department.
If you do fall for one of these messages, here’s what to do:
- The gift card scams involve no stolen credentials. There are no compromised email accounts, and even if you give out your cell number there is very little compromise of your privacy. You don’t have to do anything (except make sure the original emails from scammers are forwarded to firstname.lastname@example.org).
- If you simply clicked through to a phishing page but did not enter your password, you also have nothing to worry about on a computer with up to date web browsers and virus protection. You should make sure the original emails are forwarded to email@example.com.
- If you entered your password on a phishing page, or have any reason to suspect your financial information has been compromised, please immediately reset your JHED password and contact firstname.lastname@example.org.
If you’d like some training on IT security, Hopkins has created a good, short training of some important principles. Go to MyLearning and search on “Information Security and Data Management.”
Here are some previous University communications on these issues: