A new phishing email is circulating with the subject [REVIEW MESSAGES] - this is a fake message. An image of the phishing message is attached to this email. Please do not click any links or respond to the email.
The message is attempting to impersonate West Chester University and is known as a Spear Phishing Campaign, where bad actors use an external email address disguised as a known entity, to create a sense of urgency over alleged missed email communications.
In this case, the bad actors have also attempted to mimic WCU's MFA splash page tricking unsuspecting users to enter their credentials.
Best Practice: Always verify the sender and sender's email address and when in doubt call the person to confirm. Please do not click any links or respond to the email. Never send passwords over email and do not reply to messages soliciting personal information.
If you have responded to the email or clicked the link and provided your WCU account information, please reset your password immediately at https://password.wcupa.edu.
To see the latest phishing attempts, visit our Phish Bowl at: https://www.wcupa.edu/infoServices/security/phishBowl.aspx.
To learn more about what phishing is, visit the Phishing: Don't Take the Bait! knowledge article: https://wcupaprod.service-now.com/kb?id=kb_article_view&sysparm_article=KB0011256.
If you have any questions, please contact the IS&T Help Desk at https://www.wcupa.edu/servicenow.
