Phishing alert: HR-related scams are on the rise

Don’t fall for it! The Office of Information Security (OIS) in the Office of Technology Services (OTS) warns about a current phishing scam targeting faculty and staff.

About the scam
Attackers are falsely posing as licensed representatives for a fictitious state department and sending unsolicited phishing emails about providing consultation about retirement or benefits. The message contains links, and a request that you fill out a suspicious form to reserve an appointment. By providing this information, they will reach out with specific steps which may involve you sending personal identifiable information (PII). See a PDF example of this type of phishing scam.

Recognizing the scam
Look for a combination of these things:

  • [EXTERNAL EMAIL – USE CAUTION] – The external tag is present at the top of all incoming emails coming from external sources. Note: not all emails with this tag are malicious; it’s meant to raise your awareness. If you receive an email about Retirement or Benefits Support from a @pensionrx email address, or any other external domain, please take caution. Towson University is not affiliated in anyway with this organization.
  • An unknown sender email address. Confirm if you recognize the email address, not just the sender’s name.
  • Suspicious links within the email.

What to do if you’ve received this type of scam

  • Be extra cautious with any unexpected emails about retirement or benefits that aren’t from TU’s Office of Human Resources department or the State of Maryland.
  • Do not reply. Don’t click on any links or reply back with your phone number or any personal identifiable information.
  • Continue to report suspicious emails to OIS. Use the “Report Phish” button in Outlook or forward the email to phishing@towson.edu.
  • Contact OHR with questions. If you have concerns about benefits or retirement, contact TU’s Office of Human Resources/Total Rewards department: Yore Awodipe, Sr. Benefits Specialist at iawodipe@towson.edu

For more information on recognizing suspicious emails and for real life examples, visit www.towson.edu/phishing. If you would like an OIS team member to give an interactive phishing Webex presentation to your group or department, submit a TechHelp service request or email securityawareness@towson.edu.

Tags: , , , , , , ,

Categorised in:

This post was written by Weldon, Jennifer