Phishing - Our Adminstrator has begun the process

SHARE
USNH Cybersecurity

Over the last week, the Enterprise Technology & Services (ET&S) Cybersecurity team detected over 1,000 fake account termination emails with the subject "Our administrator has begun the process" phishing messages. Here are the message details (scroll to the bottom for a screenshot) and remediation steps if you received this message and clicked on a link:

  • Sender - Did you know you can hover over a sender in an email to get additional information? The sender in this email is a student. Students will never send out messages about your USNH accounts.
  • Subject Line - Our Administrator has begun the process - attackers use 'administrator' to make the email sound more official and as a first attempt to instill a sense of fear or urgency
  • Sender Information – Did you know you can also hover over the URL in an email to check the actual link? This one takes the recipient to a Google Doc/Form. USNH will never ask you to update your account information via a Google or any other form
  • Phrasing and consequences without additional information - This message states we "expect you to adhere to" but gives no point of reference for what is supposed to be adhered to. Also, some statements are poorly phrased, which can be an immediate sign of a phishing email.
  • Delivery Time - It is not likely ET&S account notifications will be sent during "non-normal" business hours. All communications should be sent during normal working hours to ensure recipients see the message.
How to spot phishing
how to spot phish2

 

What to do if you responsed/clicked on a link in the message
If you clicked on the link in a message like this one, USNH Cybersecurity strongly recommends changing your password via the MyAccount password reset tool as soon as possible.  
To do so, follow these steps:

  1. Go to https://myaccount.usnh.edu/pwm/private/login.
  2. Sign in with your institutional username and password (for example, abc123 @psu.edu).
  3. Select ‘Change Password’ and follow the steps.

If you are unable to access the MyAccount portal, please call your campus ET&S Help Desk:

  • GSC - 1-888-372-4270
  • Keene State - 603-358-2532
  • Plymouth State - 603-535-2929
  • UNH - 603-862-4242

USNH Cybersecurity is working to remove the message from the mailboxes of those who received it.

Thank you to those who reported these messages as Phishing. If you receive messages you believe to be Phishing attempts, please forward the message(s) to Phishing.Report@usnh.edu or report the message by using the Report feature in Outlook. If you are unsure if a message may be phishing, please reference the USNH PhishBowl or contact IT.Security@unh.edu.

Categories