Phishing Information

Phishing:  A targeted, well-crafted email claiming to be from a legitimate source you trust.

The email messages may contain valid links, familiar images and logos, and even valid email addresses.  The messages usually explain that your username and password are needed due to some maintenance or upgrade and request that you reply and send in your user account and/or bank information.

They also contain links to websites that may appear legitimate, like a webmail or bank login page; however, the site is a fake and when you enter in your name and password, the information is stolen.  

Always exercise extreme caution when clicking on links that are hidden in text.  Try to hover over the text and if the full URL is not available, go directly to the website yourself and navigate to where the message is trying to take you.   

Please DO NOT give your password to anyone! 

Information Technology will never request this information, nor will any reputable company, whether it is your bank or your ISP.

Please DO NOT reply to the email!  

Responding not only confirms the validity of your account, which enables the attacker to alter their methods to still try and obtain your credentials, but also generates unnecessary traffic.

IF YOU CLICKED on the malicious link contained in the email message, please change your password immediately from the IT website > Forms and Requests > Account Password Change/Reset.

  • Call the IT Service Desk 503-768-7225
  • Email itservice@lclark.edu
    • This will help us be alert for any suspicious or unusual activity.
  • Report as Spam or Phish to Google.

Do not hesitate to let us know.

Reporting entities

  1. Internet Crime Complaint Center (IC3)https://www.ic3.gov/default.aspx
  2. United States Computer Emergency Readiness Team (US-CERT)https://www.us-cert.gov/report-phishing
  3. Googlehttps://www.google.com/safebrowsing/report_phish/
  4. Google’s built-in ‘Report Phishing’ menu option from the original message 

Recovery - if you responded to the phish

  1. Change your password (if this password is used in multiple places, change it there too and keep your passwords unique)
  2. Check your account settings - Use Google’s Security Checklist - https://myaccount.google.com/security.
  3. Check your Workday information - bank deposit information.
  4. Check Web Advisor information - cell number.
  5. IF you sent money, contact the Information Security Officer immediately | Jess Odom

Information Security Awareness:

https://www.lclark.edu/information_technology/security/awareness/