IT has received reports of fake/spoofed emails to faculty and staff. Many are highly targeted, using the name and directory contact information of managers, department chairs, and administrators so the message appears to be coming from a legitimate sender. Here are some tips to help protect you from suspicious emails and requests.
Tip #1: Beware of odd-sounding/impersonal requests from acquaintances.
Many attacks will sound odd to those acquainted with the person whose identity is being used. They won’t address the recipient, as the emails are templates they spam to their entire list.
Requests are vague, like “Assistance needed,” “Please contact me urgently,” or “Are you available?” but without any context, which should raise more questions than responses.
If you notice any of these oddities, check the email’s address. It may not match the person you normally correspond with. To confirm legitimacy, try contacting that person by phone or write a new email using the official address in the CTAHR directory.
Tip #2: In most phishing attacks, your email and usernames are safe.
Impersonators use fake, temporary emails to impersonate your name only. They will try to impersonate your signature. However, if you view the email address, it might be randomly generated names and numbers, not your @hawaii.edu or @ctahr.hawaii.edu address.
If your name is being used in phishing attacks, contact CTAHR IT (firstname.lastname@example.org) immediately.
Tip #3: When in doubt, contact IT.
IT is here to assist you! If an email is suspicious, forward it to email@example.com with an inquiry. They will determine the legitimacy and assess next steps.
Don’t feel bad about trying to get confirmation. These new attacks are very targeted and designed to confuse you with legitimate-looking messages.
Tip #4: Stay safe out there!
As we, along with many in the nation, shift to distance work environments, bad actors will use this opportunity to exploit people. Let’s all work together to keep each other informed and safe.
You can find more information on phishing attacks on the ITS website under Phishing.