It’s only mid-September, classes haven’t even started yet but we’re starting to see phishing scam emails starting to land in email boxes. Fall term is when scammers try to get you to give up your login credentials. They assume you may be new to the College or have let your guard down after a nice Summer break.

One of the latest scams looks like it is from OIT and tries to get you to “confirm your contact details”. It then sends you to a link, fashioned after OIT’s authentication dialog, and attempts to harvest user details from you. Another email asks you to “confirm your email account is still in use”.

Other examples we’ve seen over the years include:

  • Payroll problems based message that leads you to a fake PSU credentials site that tries to capture Duo authentication
  • Google drive or One Drive “shares” that take you to phishing links that try to capture your credentials
  • Fake invoices for tech products
  • Email from dept head/director/etc to other department personnel, asking for a callback

If you get an email with clickable links that lead to authentication requests (login/password), treat them with extreme caution. If there are google drive documents that claim to have been shared to you, visit Google drive directly and see if you can find them there. When in doubt, we recommend directly contacting the source using a prior communications method (or the campus directory) to confirm if the email is legitimate.

Please feel free to send us a specimen to investigate if you suspect something. There are also some steps that you could take to make it easier for OIT to deal with the spread. We have a page with suggestions:

https://cat.pdx.edu/users/guidelines/phishing/