Strengthening Our Defenses Against Phishing Attacks

0

Dear Fordham Students,

Due to the growing prevalence of phishing attacks affecting Fordham University, being equipped with effective strategies to combat and prevent such cybersecurity threats is critical. The Office of Information Technology works diligently to protect institutional security, but it is up to all members of the Fordham community to help keep accounts secure by staying vigilant and cautious. 

Please review the tips below to prevent and combat phishing attacks. If you ever receive a suspicious email, immediately report it via the Cofense Reporter Gmail Add-on or the IT Service Desk (helpIT@fordham.edu or 718-817-3999). 

Understanding Account Compromise 

Fordham accounts can become compromised when scammers obtain someone’s password and receive DUO permission to log in. To reduce the risk of revealing your password to nefarious individuals, securely store passwords, use unique passwords for different accounts, and log out when finished. Furthermore, only approve MFA prompts that you initiated. If you receive an MFA prompt that you did not initiate, reset your password immediately.

Watch Out for Phishing Messages

Phishing messages can come from anywhere, including from compromised Fordham accounts,  so always read an email carefully before responding and clicking any links. Be cautious of emails requesting personal info or urgent action and look out for misspellings, generic greetings, and suspicious links or attachments. NOTE: The university will NEVER ask you for your password or personal information via email.

As soon as IT detects a suspicious email and confirms it is not legitimate, Information Security and Assurance scrambles the password of the compromised account and closes any active sessions to protect the account from any future exploitation. 

Stay Informed

Regularly update yourself on the latest phishing tactics and how to spot them. The Fordham IT Security Blog provides extensive guides on phishing identification and best practices for email security. 

Comments are closed.