IT Security Alert: Fraudulent “SharePoint Online” Email

ITS has received notice of other colleges and universities receiving email messages from “SharePoint Online” invoking the name of Guilford and a college employee. While subjects vary, they include “Faculty Evaluation”, a subject line often used in email scams.

This email is fraudulent. If you receive the email, delete it without clicking the links. If you entered your username and password into a form linked from the email, change any password(s) you shared immediately across any service where you use that password. Please also contact its@guilford.edu so we can check your account for suspicious activity. Reusing passwords across different services is NOT recommended – a compromise of one puts all accounts at risk.

Have questions or need help? Contact the ITS Help Desk at its@guilford.edu or call 336-316-2020.

IT Security Alert: Fraudulent Gift Card Text Messages

Padlock representing IT Security

ITS has received notice of Guilford Community members receiving a scam text impersonating Guilford President Kyle Farmbry. Beware! This is a common scam that can lead to theft.

The message reported to ITS used a common “gift card” scam in which the sender requests urgent completion of a task. Upon receiving a response, the sender asks for the purchase of gift cards. You can read more about this type of scam here

Text scams are especially dangerous because spotting fraudulent phone numbers is more difficult than recognizing fake email addresses. Recognizing links to malicious websites is also more difficult in text messages. If you receive a suspicious text, verify the origin with the person who is named as the sender. If a text is fraudulent, do not respond. Delete the message.

To protect yourself, be careful with sharing your mobile number and do not post it publically. Phone numbers sending text messages can be spoofed, so even if you recognize a phone number, verify with the sender (outside of the text message) if a message seems suspicious. 

Have questions or need help? Contact the ITS Help Desk at its@guilford.edu or call 336-316-2020.

IT Security Alert: Fraudulent “Faculty Evaluation” Email

ITS received notice today of Guilford Community members receiving a scam email with the subject “Fwd: President Kyle Farmbry has shared a file with One Drive”. This email appears to have a “Faculty Evaluation” pdf file attached. When clicked, a form asks for the recipient’s username and password. 

This is a scam. Please delete the email. If you entered your username and password into the form, change any password(s) you shared immediately across any service where you use that password. Please also contact its@guilford.edu so we can check your account for suspicious activity. Reusing passwords across different services is NOT recommended – a compromise of one puts all accounts at risk.

Have questions or need help? Contact the ITS Help Desk at its@guilford.edu or call 336-316-2020.

IT Security Alert: Exposure of Passwords Worldwide Could Affect You!

Padlock representing IT Security

Alert! IT security experts recently discovered that billions of usernames and passwords from sites such as Netflix, LinkedIn and others have been publicly posted on a hacking site. If you reuse passwords across multiple services, such as Guilford email and social media, your Guilford account is at risk even if not directly exposed.

What Happened?

In this particular hack, called the “COMB Breach”, hackers combined login credentials (usernames and passwords) from many prior data breaches. Hackers then exposed the information by “dumping” it on a website publicly available to other hackers.

How to Protect Yourself

Reset your passwords:
Due to the serious risk of compromise, ITS recommends you reset passwords for all of your accounts, starting with email. Learn how to reset your Guilford account passwords here.

Don’t reuse passwords across multiple sites:
Follow the advice of security experts and use a unique password for each account. While it may seem like trouble to keep track of multiple passwords, this prevents a compromise of one account from affecting all accounts. Make the effort to remember multiple passwords to avoid the trouble of dealing with multiple compromises!

Be vigilant about suspicious messages or activity:
If you notice unsual activity with your Guilford accounts (such as emails disappearing or security alerts), contact ITS@guilford.edu. Be wary of suspcious or unusal messages even if they appear to be from someone you know. That person’s account may be compromised. Before responding to messages that seem unusal, call the person to verify the message is legitimate.

Do not respond to or engage with suspected hackers or spammers:
Hackers who send messages asking for personal information may be trying to verify that an account is active. If you receive a suspicious message to your Guilford account, forward it to its@guilford.edu or simply delete it. Don’t put yourself at risk by responding or clicking on links in the message.

Learn More

The website https://haveibeenpwned.com/ provides a place to enter an email address and check if that address has been part of a data breach. If you have many email addresses, this can help you priortize which passwords to reset first. Keep in mind, though, that this website is not aware of every breach that has ever happened. Also, even if your an account was not directly exposed, it is at risk if it shares a password with an exposed account.

To learn more about the COMB Breach see the article Over 3 billion emails and passwords hacked in possibly the largest breach ever .

IT Security Alert: Beware of Caller ID Spoofing!

Padlock representing IT Security

Caller ID spoofing occurs when scammers impersonate known or familiar-appearing phone #s to steal information. A scammer may impersonate a Guilford College 316 #, local agency, or business.

If you receive an unexpected call requesting personal information, your best response is to hang up. If the you think the call may be legitimate, call back using a phone number you can verify. Search for Guilford office phone #s at https://www.guilford.edu. Learn more at https://www.fcc.gov/consumers/guides/spoofing-and-caller-id .