The DotCIO wants to alert the Rensselaer community to an increase in sophisticated phishing emails attempting to steal credentials, personal information, and other sensitive data:
- Phishing that mimics a Rensselaer login page, including branding, and requires a DUO passcode, which is used to compromise a Rensselaer account.
- Phishing mimicking official government sites, such as studentaid.gov, and is used to collect personally identifiable information, including social security number, date of birth, and address.
- An increase in phishing emails that contain QR codes which lead to malicious sites and/or fake login pages to harvest credentials or other sensitive data.
All community members should always be on alert as part of good cyber hygiene practices to protect Rensselaer as well as their personal information.
Adversaries/hackers continue to evolve their techniques for compromising accounts. Multi_FActor Authentication (MFA) provides a strong foundation for account security, but there are multiple methods for second factor authentication with varying degrees of security. Shortly, DotCIO will be announcing the retirement of older multi-factor authentication methods which are no longer providing the level of security necessary to resist current attacks.
All faculty, staff, and incoming students were assigned a cybersecurity training module in Rensselaer’s professional development system, Percipio, regarding identification of phishing emails. If you have not yet completed this training, it is imperative that you do so to help protect yourself and our community. DotCIO is also working to identify additional training resources for the community focused on cybersecurity.
For further information about identifying and reporting phishing please view resources on https://support.rpi.edu
Thank you for your continued vigilance and cooperation in defending Rensselaer against these persistent and serious threats.