The Lehigh University Information Security Team wants you to be aware of an increase in phishing attempts that could lead to the compromise of sensitive information, such as banking and direct deposit information. In one case, a phishing attack at Lehigh resulted in a paycheck being sent to a fraudulent account.

There are several warning signs that indicate an email message could be a phishing attempt:

  • Requires urgent action and/or negative consequences will occur if action is not taken
  • The message was not expected
  • The sender is not known or a forged (spoofed) account
  • The message contains a warning from Google that it is from an external sender
  • The message requests sensitive information be sent
  • The message directs users to "click here"
  • The message contains poor grammar and/or spelling

What to do if you receive a suspected phishing email

If you receive one of these emails or have divulged your Lehigh password, please change it immediately and notify the Lehigh Information Security Team at security@lehigh.edu. We will use this information to protect others in the Lehigh community.

Library and Technology Services will also be launching a phishing training program to help you identify phishing scams via email. Watch for details soon.

How to protect yourself from phishing scams

All Lehigh computer accounts are protected by Duo Two-factor authentication. Here’s how to use Duo effectively:

  • Whenever possible, use Duo Push through the mobile app – it is the most secure and flexible option.
  • The Duo 2FA prompt will ONLY occur if you are trying to log into a system at that moment. If you are not logging into a Lehigh site and are not being informed that you will be prompted for Duo 2FA, DO NOT accept the request, as this means someone is trying to login to your account using your password. NEVER authorize a prompt or call you did not initiate. Instead, click Deny on the app (or hang up if called).
  • Never provide another person with a Duo authorization passcode.

If you have any questions, please contact the Lehigh Information Security Team at security@lehigh.edu.

Sincerely,

Eric Zematis, CISSP, CISM, PMP
Chief Information Security Officer
Library and Technology Services