Chief Information Officer Mir Qader reminds all employees of Madison College to be wary of phishing – the attempt to fraudulently obtain confidential information such as passwords, user names and credit card numbers by posing as a legitimate organization. Recently, some faculty and staff received messages titled "IMPORTANT INFORMATION FOR ALL MADISON COLLEGE EMPLOYEES ON POLICIES AND COMPLIANCE PROCEDURES” that originated from an outside email address (e.g.lbschools.net) rather than from madisoncollege.edu. Staff in IT were able to intercept many of these issues from going too far.
Please be advised that the college might be receiving the same type of phishing messages in the near future and over the summer break. The people behind the campaign want employees' passwords, access to financial/payroll records, etc.
The message looked like it came from President Jack E. Daniels III, but the President did not send the message.
Hints that the message was not legitimate:
- Sender’s email address is not from Madison College.
- Attached document name is non-descriptive and generic.
- Message does not follow normal all-staff email format.
- Several grammar issues in the write-up E.g., “This Polices and Practices…” and “…information is attached in this email, It is…”
- The email ends with a generic, non-standard signature line.
- The email asks you to go to an attachment and take some action.
- Hovering over the link would show you the source link, which is not from Madison College.
Some people may have clicked on the link by mistake since this is a well-crafted message. The passwords of people who clicked on this message were changed.
Note: If staff and faculty are forwarding messages to their personal accounts at Gmail or Hotmail, etc., the college has no way of providing many of safeguards that it has on @madisoncollege.edu accounts.
The college's security awareness training covers this kind of issue. Anyone who has not taken the security awareness training, is asked to do so (see below).
If you see a message that appears suspicious, do not click on any links and remove the message from your inbox.
Please do not hesitate to immediately contact the TS Help Desk at Helpdesk@madisoncollege.edu or (608) 246-6666 anytime you feel you have a potential IT security issue or concern.
Also, please make sure to complete the security awareness training as soon as possible; it is available at the following SharePoint site: http://facstaff.madisoncollege.edu/awareness
Published May 16, 2018. Updated May 21, 2018.