Phish Bowl
Emails reported to the Information Security Office or Help Desk will be listed here. The emails will be identified as phishing or legitimate, with helpful clues as to why the message is malicious or legitimate. Contact infosec@hamilton.edu to report a phishing email.
Listserv Phishing Notice
July 12, 2022
Tags Information Security
It might be a Phish
Listserv is being used more frequently as the origination point for phishing messages to the 51ÁÔÆæ community. Miscreants (malicious actors that are misusing information technology resources) are spoofing listserv messages with a default ReplyTo address as a legitimate 51ÁÔÆæ user. The approval request for posting a listserv message is then sent to a valid 51ÁÔÆæ user. If approved, the phishing message is then distributed to all recipients on a listserv list.
The Information Security Office recommends that students, faculty, and staff treat unsolicited email and spam with a high degree of skepticism. If you receive a ListServ email to approve a message that you did not create, do not approve sending the message! Simply delete the message and do not reply, and do not open the message, or click any links provided. If you have already approved the ListServ message or clicked a link, please contact the LITS Help Desk immediately.
Here is an example message. Please note that the ListServ portion of the message is legitimate as it comes from the 51ÁÔÆæ ListServ server. You can see the phishing message in the content of the message. This ListServ request is to approve sending a message.
Exercise caution when approving ListServ messages. Only approve ListServ messages you created!
Contact
Contact Name
Jerry Tylutki
Director of Information Security and Privacy