The Lehigh University Information Security Team wants you to be aware of an increase in phishing attempts that are targeting your passwords and access to your account. Exposing your account to attackers could lead to the compromise of sensitive information, which could lead to identity theft and financial loss (potentially including theft of your paycheck).

There are several warning signs that indicate an email message could be a phishing attempt:

  • Requires urgent action and/or negative consequences will occur if action is not taken
  • The message was not expected
  • The sender is not known or a forged (spoofed) account
  • The message contains a warning from Google that it is from an external sender
  • The message requests sensitive information be sent
  • The message directs users to "click here"
  • The message contains poor grammar and/or spelling

When in doubt don’t click or enter your username and password!

If you are prompted to enter your Lehigh username and password, double check the URL to make sure it reads "lehigh.edu", as it does in this image:

What to do if you receive a suspected phishing email

If you receive one of these emails or have divulged your Lehigh password, please change it immediately and notify the Lehigh Information Security Team at security@lehigh.edu. We will use this information to assist you and to protect others in the Lehigh community.

How to protect yourself from phishing scams

All Lehigh computer accounts are protected by Duo Two-factor authentication but Duo will not protect you if you do not use it properly. NEVER authorize a prompt you did not initiate. Instead, click Deny on the app and indicate it is a suspicious/fraudulent activity. The Duo 2FA prompt will ONLY occur if you are trying to log into a system at that moment. 

If you have any questions, please contact the Lehigh Information Security Team at security@lehigh.edu.

For more information on data privacy, training and awareness, research security, compliance, and more, visit Lehigh Information Security.

Sincerely,

Eric Zematis, CISSP, CISM, PMP
Chief Information Security Officer
Library and Technology Services