Wednesday evening, TCU was again the target of a two-step phishing email campaign. Phishing emails are fake messages that try to steal your personal information.
Please, take a few minutes to review the information below about the recent phishing attacks to help determine if you need to take any action.
Examples of the Recent Phishing Attempts
First Phishing Email from 9-30-2020
- The goal of the first phishing message was to gather TCU credentials. The message looked something like this.
- The link led to a generic site used to harvest usernames and passwords. We were able to isolate those that we believe fell for this phishing attempt but if you entered your TCU password on this form, you need to change your password immediately.
Second Phishing Email from 9-30-2020
- After successfully gathering passwords from individuals who responded to the first message, a second message was sent involving a fake employment scam.
- While there were no links to follow in the second message, replies were configured to be sent to an external Gmail address. If you responded to the solicitation and you have received a reply from this address, please contact ITSecurityServices@tcu.edu.
- DO NOT continue any conversation with the phisher via personal email or text.
- Fake employment scams often offer tempting pay in exchange for relatively little effort. Scams often attempt to move communication outside of TCU systems so we cannot detect or block the correspondence. If it sounds too good to be true, it usually is.
We will likely continue to see similar phishing messages and scams in the weeks ahead. We appreciate your continued vigilance and assistance preventing the spread of these fraudulent messages. Please, send all suspected phishing email to firstname.lastname@example.org.