Over the last week, the Enterprise Technology & Services (ET&S) Cybersecurity team detected over 1,000 fake account termination phishing emails with the subject "Our administrator has begun the process". Here are the message details (scroll to the bottom for a screenshot) and remediation steps if you received this message and clicked on a link:
- Sender - Did you know you can hover over a sender in an email to get additional information? The sender in this email is a student. Students will never send out messages about your accounts.
- Subject Line - Our Administrator has begun the process - attackers use 'administrator' to make the email sound more official and as a first attempt to instill a sense of fear or urgency.
- Sender Information - Did you know you can also hover over the URL in an email to check the actual link? This one takes the recipient to a Google Doc/Form. You will never be asked to update your account information via a Google or any other form.
- Phrasing and consequences without additional information - This message states we "expect you to adhere to" but gives no point of reference for what is supposed to be adhered to. Also, some statements are poorly phrased, which can be an immediate sign of a phishing email.
- Delivery Time - It is not likely ET&S account notifications will be sent during "non-normal" business hours. All communications should be sent during normal working hours to ensure recipients see the message.
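The warning signs listed above can also be checked mechanically during mail triage. The following Python code is an added example, not ET&S tooling; the official-sender list, the form hosts, the business-hours window and the sample message are assumptions constructed for illustration.

```python
import re
from datetime import time
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Assumptions, not from the advisory: the official-sender list, the form hosts,
# the 08:00-17:00 Monday-Friday window, and the sample message are constructed.
OFFICIAL_SENDERS = {"helpdesk@example.edu"}
FORM_HOSTS = {"docs.google.com", "forms.gle"}
OPEN, CLOSE = time(8, 0), time(17, 0)
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)

def phishing_indicators(raw_message):
    """Return the advisory's warning signs that a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text"
    )
    hits = []
    # The real address, not the display name, is what hovering reveals.
    if parseaddr(msg.get("From", ""))[1].lower() not in OFFICIAL_SENDERS:
        hits.append("sender is not an official account")
    if "administrator" in msg.get("Subject", "").lower():
        hits.append("subject invokes an administrator")
    # Compare the actual link targets, not the visible link text.
    hosts = {urlparse(url).hostname for url in HREF_RE.findall(body)}
    if hosts & FORM_HOSTS:
        hits.append("link leads to a Google Doc/Form")
    try:
        sent = parsedate_to_datetime(msg["Date"])  # wall time in the header's offset
    except (TypeError, ValueError):
        sent = None
    if sent and (sent.weekday() >= 5 or not OPEN <= sent.time() < CLOSE):
        hits.append("sent outside business hours")
    return hits

PHISH = """\
From: "Administrator" <student123@example.edu>
Subject: Our administrator has begun the process
Date: Sat, 06 Jan 2024 02:14:00 -0500
Content-Type: text/html

<a href="https://docs.google.com/forms/d/e/EXAMPLE/viewform">Keep my account</a>
"""

print(phishing_indicators(PHISH))
```

A message can match several signs at once; the more that match, the stronger the case for reporting it.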
What to do if you responded/clicked on a link in the message
If you clicked on the link in a message like this one, the Cybersecurity team strongly recommends changing your password via the MyAccount password reset tool as soon as possible.
To do so, follow these steps:
- Go to the MyAccount portal.
- Sign in with your institutional username and password (for example, abc123@psu.edu).
- Select ‘Change Password’ and follow the steps.
If you are unable to access the MyAccount portal, please call your campus ET&S Help Desk:
- GSC - 1-888-372-4270
- Keene State - 603-358-2532
- Plymouth State - 603-535-2929
- UNH - 603-862-4242
The Cybersecurity team is working to remove the message from the mailboxes of those who received it.
Thank you to those who reported these messages as phishing. If you receive messages you believe to be phishing attempts, please forward the message(s) to Phishing.Report@usnh.edu or report the message by using the Report feature in Outlook. If you are unsure whether a message may be phishing, please contact IT.Security@unh.edu.