Emails reported to the Information Security Office or Help Desk will be listed here. The emails will be identified as phishing or legitimate, with helpful clues as to why the message is malicious or legitimate. Contact firstname.lastname@example.org to report a phishing email.
Listserv Phishing Notice
July 12, 2022
Tags Information Security
It might be a Phish
Listserv is being used more frequently as the origination point for phishing messages to the Hamilton community. Miscreants (malicious actors that are misusing information technology resources) are spoofing listserv messages with a default ReplyTo address as a legitimate Hamilton College user. The approval request for posting a listserv message is then sent to a valid Hamilton College user. If approved, the phishing message is then distributed to all recipients on a listserv list.
The Information Security Office recommends that students, faculty, and staff treat unsolicited email and spam with a high degree of skepticism. If you receive a ListServ email to approve a message that you did not create, do not approve sending the message! Simply delete the message and do not reply, and do not open the message, or click any links provided. If you have already approved the ListServ message or clicked a link, please contact the LITS Help Desk immediately.
Here is an example message. Please note that the ListServ portion of the message is legitimate as it comes from the Hamilton College ListServ server. You can see the phishing message in the content of the message. This ListServ request is to approve sending a message.
Exercise caution when approving ListServ messages. Only approve ListServ messages you created!