Emails reported to the Information Security Office or Help Desk will be listed here. The emails will be identified as phishing or legitimate, with helpful clues as to why the message is malicious or legitimate. Contact email@example.com to report a phishing email.
1 new message
June 21, 2022
Tags Compromised credentials Information Security
The below phishing message was received by Hamilton College accounts. The email had a number of identifying features to determine it was a phishing message:
- The ReplyTo address had an alias of Hamilton! with an address that is not a valid Hamilton edu account.
- The Subject was a poorly phrased 1 new message.
- The message body was poorly constructed, with an embedded link. By hovering over the link, an questionable URL would be visible.
This message was clearly a phishing message. Do not click on the link!
For any recipients that clicked on the embedded link, a webpage would be opened that spoofed (or imitated) a legitimate Hamilton College Shibboleth Single Sign-On page. The page's contents are visible in this image. The malicious page attempted to have visitors enter their Hamilton College userid and password.
Note the URL at the top of the page is NOT the accepted Hamilton College Shibboleth URL. This is a telling sign to immediately leave the page!
The Information Security Office recommends that students, faculty, and staff treat unsolicited email and spam with a high degree of skepticism. If you receive this message, or any similar message, and fall victim to the Phish and enter your Hamilton College userid and password, please contact the LITS Help Desk immediately! You should also immediately change your Hamilton College password by visiting https://password.hamilton.edu/.