Today we saw another phishing message that borrowed a familiar subject line from the email inbox of the person sending the phishing messages…this time they used our BearAware Alert: Active Phishing Event subject line from last week. Please ignore & delete this message if you see it & always be skeptical of emails that look like the examples below this post.

Baylor communications will contain information in the email message & may include instructions on how to access more information online (or web addresses), but they avoid just having a ‘Click here to open this message’ link with no other information. This phishing scheme lends legitimacy to the message by re-using a subject line that the recipient has seen before, probably very recently. It also uses the interlocking BU logo on the page where it asks you to log in while prompting you with your full Baylor email address (yet another trick they use to lend legitimacy to the message).

Remember you can forward any suspected phishing email to BearAware at Baylor dot edu.  As always, Sic Phishing!

As a slight twist on phishing emails we have been seeing for the past couple of weeks, one rolled in this morning with the DocuSign logo at the top. However, this is not from DocuSign & does not contain a document for you to review & sign. If you clicked the link, please change your BearID password immediately.  Remember, you can forward any suspected phishing email to BearAware at Baylor dot edu. #SicPhishing

With the start of the new school year just in the rear view mirror, we have started to see an uptick in the number of accounts that are sending phishing emails out, since April 2017 we have had over 2,600 accounts end up in this state. However, that means we have over 15,000 accounts that have not been sending phishing emails out to campus & the world. Let’s all be more careful with the links we click & the places we enter our BearID & passwords so that the number of users that are not sending phishing emails rises! #SicPhishing

Lately we have seen many users receive an email with the subject line of Important Document, Pending Document, Review & Sign Document, or something similar that when opened appears to be from Dropbox or another similar cloud document hosting service. When the user clicks the Review & Sign Document button it then prompts you to log in with an email account, but once you enter your BearID & password nothing happens…until your account starts sending phishing emails out to more users.  Below is a picture of the phishing email we have seen on campus most recently.

LATEST PHISHING SCAM – OCT. 9

Newest phish scam in Baylor accounts tries to reel you in with Dropbox. Don’t be fooled by “BAYLOR ADMIN” and its sketchy email address. Do not click the link. Do not sign in.

Side note: Baylor does not use Dropbox for file storage. Baylor uses Box.

LATEST PHISHING SCAM – OCT. 4

Heads up! Another phishing email has hit campus accounts asking you to click & sign in for a security update due to phishing. This is a phish. Do not click the link.

Click the photo below to enlarge the example.