Skip to McMaster Navigation Skip to Site Navigation Skip to main content
McMaster logo

Office of the AVP & CTO

INFORMATION TECHNOLOGY SECURITY

Phishing Email: McMaster ITS

Description of Phishing Email:

This email is a deceptive phishing attempt designed to impersonate McMaster University’s IT Services. Its goal is to trick recipients into revealing sensitive information, such as personal login credentials, or clicking on malicious links under the guise of an account deactivation notice. The message uses a sense of urgency, falsely claiming that the recipient’s account will be disabled if they do not respond immediately. Users are urged to verify any suspicious emails by contacting the official IT department directly, avoiding any interactions with unverified links or requests for personal information.

 

Screenshot of Phishing email:

Details Below

 

Text of the Email:

Dear Students,

 

Your McMaster online account is scheduled to be disabled on 06-08-2024. This is an automated process that happens once students are no longer active for a full calendar year, typically a result of withdrawing from the university or not meeting degree requirements.

Before your account is disabled, please take a moment to download any important files or resources directly to your personal device or other online accounts for future use.

Once your account is disabled, you’ll no longer have access to your McMaster account, including:

  • Your McMaster email, calendar, contacts
  • Microsoft OneDrive and SharePoint accounts and files
  • Google Drive
  • Microsoft Teams and other Microsoft 365 products (Word, Excel, PowerPoint)
  • Adobe Creative Cloud and Document Cloud
  • MyMcMaster portal
  • Student Hub

You’re to provide the requested information below via SMS ONLY to {Number} to verify your McMaster account immediately to avoid deactivation & book an appointment:

 

  • Full Name:
  • Cell Phone Number:
  • JoinID/Username:
  • Passw0rd:
  • Campus Email:
  • 3 Set of  Duo / MFA 6 digit passcode on your Duo Mobile:

 

For additional questions and assistance, or if you believe you’re receiving this message in error, please contact the IT Service Desk 24/7 at  {Email}, or visit the Tech Service Portal. Toll-free and international calling options are also available for contacting the IT Service Desk.

 

 

How to protect yourself?

  1.  Verify Email Sender: Always check the sender’s email address and ensure it’s from an official domain. Be cautious of any unusual or unfamiliar email addresses.
  2.  Avoid Clicking on Suspicious Links: Hover over links to see where they lead before clicking. If you’re unsure, go directly to the official website instead of using links from the email.
  3.  Don’t Share Personal Information: Legitimate institutions will never ask for sensitive information, such as passwords or personal details, through email. Always contact the organization directly if you’re unsure.

 

 

Important Notes:

  1.  Look for Urgency: Phishing emails often create a false sense of urgency or threats, such as account deactivation or security breaches. Legitimate organizations typically won’t rush you into making quick decisions.
  2. Check for Grammar or Spelling Errors: Many phishing emails contain subtle grammar or spelling mistakes, which can be a sign the email isn’t legitimate.
  3.  Use Multi-Factor Authentication (MFA): Even if your credentials are compromised, MFA adds an extra layer of protection by requiring a second form of verification. This can prevent unauthorized access.
  4.  Always Report Suspicious Emails: If you’re ever unsure about an email or believe it may be a phishing attempt, report it immediately to your IT department at is-spam@mcmaster.ca. Reporting helps protect others and mitigates security risks.
 Phish Bowl