Many LTU community members received this email on the date below. This message is not from Lawrence Tech. Do not respond, do not click on any link, and immediately delete it.

If you have already clicked on the link and entered any personal information—including your password—immediately change your password AND contact the Help Desk.

If you have any concern that your email account may be compromised, contact the Help Desk.

Many LTU staff and faculty received a phishing attempt today that looked as if it originated from the Help Desk. This was one of the more "credible" looking attempts we have seen.  

Phishing is a form of fraud in which a message sender attempts to trick the recipient into divulging important personal information like a password or bank account number, transferring money, or installing malicious software. Usually the sender pretends to be a representative of a legitimate organization. As phishing attempts are very common, it is important to be vigilant in taking the time to carefully identify these threats.

Here are some key points from today's phishing attempt and other common tactics used that will help you identify and respond accordingly:

    • Never respond to any email that asks for your personal information (passwords, social security number, name, email address, residential address, credit card number,  mother's maiden name, etc.).
    • Although this is subtle, the Help Desk was referred to as "Help Desk Center", we have never referred to the Help Desk as "Help Desk Center"
    • LTU IT Services will not ask you to verify or confirm your information by email.
    • We will NEVER ask you to provide us with your password - NEVER
    • There are often grammatical or typographical errors. You may notice something just seems wrong with the grammar. In today's email, this was not the case.
    • The return address is unknown to you. If you were able to see the "reply to" address, which was visible in some cases, you would have seen that if you had replied it was going to an unknown email address, and not an ltu.edu address.
    • Some emails request you click on a link to verify your information (which was not in today's email).

If you are ever in doubt about a message, please do not reply or click on the links.

If you have received a suspicious email, feel free to contact the Help Desk and send us the header information for clarification. You can find the header information by following the instructions below:

    • Open the email 
    • Next to Reply, click on the three dots
    • Click Show Original.
    • Copy and paste the text and send it to the Help Desk.

In addition to emailing helpdesk@ltu.edu the header information, please report the email as PHISHING to Google which will help thwart this attack and others like it.

  • Opening the email 
  • Next to Reply arrow, click on the three dots.
  • Click on "Report Phishing"

We'd like to thank everyone who acted promptly and visited the Help Desk in person, called or sent us the header information. It is clear that as a community we are becoming better aware of these attempts.  It is always better to err on the side of caution in these situations
.

To keep you better informed, the message sent today is copied below:

From: Help Desk <helpdesk@ltu.edu>
Date: January 16, 2020 at 3:15:40 AM EST
To: ltustaffmember@ltu.edu
Subject: [TICK:40029] Irregular Activity Detected - Duo Security Upgrade Required
Reply-To: help.desk@tech-center.com

—-—-—-—
Reply above this line.

LTU Help Desk Center has detected an irregular activity related to your LTU campus login ID. As a precautionary measure, we will temporary block your account and we should be moving it to our backup server and we need your help to do this effectively otherwise you may lose your login information and data at the end of the Duo Security upgrade / Account Migration & Quarantine clean-up process.

To regain and secure access to your LTU campus login ID, kindly confirm the below requested information to enable us migrate your LTU campus login ID to a DUO 2-factor authentication Symantec Endpoint Protection Communication software and register it to a new SPAM filtering service which will improve your Firewall Email Security Overview and the ability to identify and block Spam/Phishing attempts automatically and other undesirable messages that flood our email system on a daily basis.

Click on the "reply" button and Confirm your LTU campus login ID as requested below;

* Username:
* Password:
* Email ID:

NOTE: We will Permanently deactivate and delete your LTU campus login ID if you do not adhere to this notice immediately as part of our Inactive LTU campus login ID clean-up process to enable service upgrade efficiency.

Thanks,

Sejla Corbo,

Senior Help Desk Technician    
Help Desk Center, C203
Taubman Student Services Center

21000 West Ten Mile Road
Southfield, MI, 48075-1058
© 2020 Lawrence Technological University


If you have any questions or concerns, please email helpdesk@ltu.edu or call our office at 
248.204.2330
.