Over the last two weeks, there have been numerous phishing attempts circulating targeting Miami faculty, students, and staff. So you are aware of these scams and what they look like, we've rounded all of them up here so you can keep a lookout!

Scam Targeting Miami Entity Accounts

The most recent phishing message is asking recipients to verify their Miami accounts after claiming that the account has been set for deactivation. The message is as follows:

Email Phishing Message Urges Users to Send Password

Last week, a phishing message containing a malicious attempt to steal credentials was sent to approximately 2,000 Miami accounts. This message came with the subject line, “Thank you for being part of Miami University.” The information security team has contained and deleted the email from our Miami servers. However, another phishing email was sent as a result of the first, and that message is now circulating as well.

The new email urges recipients to log in to a special system to verify their Microsoft accounts. It contains content similar to the following:

The email then takes the recipient to a Google Form asking you to type out your Miami login credentials and a code for your DUO app. 

Please know that neither Microsoft nor Miami will ever send a message like this to force users to verify their accounts. Any links in an email like this should be treated as suspicious! It's also important to note again that IT Services would never ask for your password via Google Form. We especially will not ask for your Duo code.

For more information, visit our article here. 

Scam Promoting Internship Opportunities

Another scam that has been making rounds has been trying to reach students through fraudulent work and internship opportunities. There have been emails circulating claiming that you are eligible for an internship or student employment position. 

While using the names of a real Miami employee and often mentioning Miami University Career Services, there are many flaws with these scams to keep an eye out for. The email is often not sent from a Miami email address and does not properly use the titles of university departments.

Here is a copy of the message: 

Please be advised that this is not how Miami advertises jobs and/or internships. Anything we are looking for workers in would be advertised via the Workday website.

How to Avoid These Scams

If you receive a suspicious message, it's best to be aware of how to determine if it is legitimate and avoid getting scammed.

The best way to avoid scams is to not click any hyperlinks from suspicious or unknown numbers/senders. Don't trust messages asking for personal information, especially if they seem to come from legitimate organizations. Be aware that companies would not reach out via text or email for urgent matters. 

Be cautious of messages pushing urgency and with unusual requests. Strange phrasing, grammatical mistakes, and unnatural details could be signs of an AI scam. 

You should also never respond to these messages. For SMS scams, even something like replying "stop" or "wrong number" can let the scammer know that your number is active, putting you at risk for future attacks.

Trust your instincts: If a message feels suspicious, it most likely is. If you receive a message that you suspect to be a phishing message, please forward it to InfoSec@MiamiOH.edu. This allows the information security team to block sites that may be associated with phishing attacks. If you ever feel you may have responded to a fraudulent message or clicked a link in one, please contact IT Help immediately at 513-529-7900.

For more tips about remaining secure online and at Miami, visit MiamiOH.edu/info