Phishing Email: McMaster ITS
Description of Phishing Email:
This email impersonates McMaster’s IT Services and attempts to trick recipients into providing sensitive information or clicking on malicious links. We advise extreme caution, reminding students and staff to verify the authenticity of emails before taking any action. Vigilance and reporting suspicious emails to ITS are strongly encouraged to mitigate potential security risks.
Screenshot of Phishing email:
Text of the Email:
Dear Students,
Your McMaster online account is scheduled to be disabled on 06-08-2024. This is an automated process that happens once students are no longer active for a full calendar year, typically a result of withdrawing from the university or not meeting degree requirements.
Before your account is disabled, please take a moment to download any important files or resources directly to your personal device or other online accounts for future use.
Once your account is disabled, you’ll no longer have access to your McMaster account, including:
- Your McMaster email, calendar, contacts
- Microsoft OneDrive and SharePoint accounts and files
- Google Drive
- Microsoft Teams and other Microsoft 365 products (Word, Excel, PowerPoint)
- Adobe Creative Cloud and Document Cloud
- MyMcMaster portal
- Student Hub
You’re to provide the requested information below via SMS ONLY to {Number} to verify your McMaster account immediately to avoid deactivation & book an appointment:
- Full Name:
- Cell Phone Number:
- JoinID/Username:
- Passw0rd:
- Campus Email:
- 3 Set of Duo / MFA 6 digit passcode on your Duo Mobile:
For additional questions and assistance, or if you believe you’re receiving this message in error, please contact the IT Service Desk 24/7 at {Email}, or visit the Tech Service Portal. Toll-free and international calling options are also available for contacting the IT Service Desk.
How to protect yourself?
To fortify your defenses against phishing emails purportedly from McMaster University ITS, adhere to these precautions:
- Scrutinize Sender Details: Pay close attention to sender email addresses, ensuring they match official McMaster domains or known contacts.
- Exercise Caution with Links and Attachments: Refrain from clicking on links or downloading attachments from unsolicited emails, particularly those requesting sensitive information.
- Verify Requests for Information: Independently verify the legitimacy of any requests for personal or financial data by contacting McMaster’s IT Services directly through established channels.
- Stay Informed and Vigilant: Remain updated on common phishing tactics and familiarize yourself with McMaster’s official communication protocols. Report any suspicious emails promptly to the university’s IT department for thorough investigation and protection of the McMaster community.
Important Notes:
- Verify Sender Identity: Always double-check the sender’s email address to ensure it matches official McMaster domains or known contacts from the university.
- Exercise Caution with Links and Attachments: Be cautious of clicking on links or downloading attachments from unsolicited emails, especially those requesting personal or sensitive information.
- Confirm Requests for Information: Independently verify any requests for personal or financial data by contacting McMaster’s IT Services directly through established communication channels.
- Stay Informed and Educated: Stay updated on common phishing tactics and familiarize yourself with McMaster’s official communication protocols to recognize potential threats.
- Report Suspicious Activity: Promptly report any suspicious emails to the university’s IT department for investigation and to prevent further phishing attempts within the McMaster community.
Uncategorized