Phishing & Email Scans

To protect your personal information and the security of Johns Hopkins’ systems, please be extremely cautious about any email that asks you to follow a link and enter your login or other personal information.

Before you enter any information on a webpage that you believe is from Johns Hopkins, check the URL, the website address shown in the address bar at the top of the browser window. Johns Hopkins’ login page address starts with login.johnshopkins.edu/ or microsoftonline.com. The URL of a fake page may include the words “Johns Hopkins” or “JHU” or “JHHS,” but if it does not follow the format above, you are not on the actual login site.

For example, this is a real Johns Hopkins web address:

[Image: Real Web Address]

This is not a real Johns Hopkins web address:

[Image: Not Real Web Address]

If you receive an email message in your Johns Hopkins inbox that you suspect is a phishing scam, please forward it as an attachment to IT at spam@jhu.edu and then promptly delete it. More information about protecting yourself from phishing scams is on the IT website, which can be accessed by entering it.johnshopkins.edu in your browser and, when you get to the page, clicking on the security link in the navigation bar.

What is Phishing?

Phishing (pronounced “fishing”) is a form of identity theft that attempts to trick people into revealing personal or financial information online. Phishers use phony Web sites or e-mail messages that appear to be from trusted businesses and brands in order to steal personal information such as usernames, passwords, credit card numbers or Social Security numbers.

Johns Hopkins will never send you an email message asking you to follow embedded links to “verify” information about yourself. Likewise, responsible banks, credit card companies, retailers, social media companies and others who email you will never ask you by email to follow a link and input critical account or personal information.

Please remember: Entering your user ID and password on a page you access from a link in a scam message gives phishers your credentials. They may then use this information to access your Johns Hopkins or personal information. That could result in identity theft, damage to your credit and other serious consequences. It could also result in attacks on other computers on the Johns Hopkins network.

Protect Yourself from Phishing and Other Email Scams: Dos and Don’ts

  • DON’T send passwords or any sensitive information over email
  • DON’T click on “verify your account” or “login” links in any email
  • DON’T reply to, click on links in, or open attachments in spam or suspicious email
  • DON’T call a phone number in an unsolicited email or give sensitive data to a caller
  • DO report impersonated or suspect email to spam@jhu.edu
  • DO be cautious about opening attachments, even from trusted senders

Some phishing messages are obvious frauds, full of spelling errors or clearly phony attempts to suggest a previous connection between you and a message sender. Other phishing attempts, however, are quite clever and deceptive. Some might even send you to a phony but real-looking Johns Hopkins login page. So please be careful: Never judge a message simply by how real it looks or who it seems to come from. Think also about what it is asking you to do. Look at the URLs of sites where the message is trying to send you.

Should you receive an email message in your Johns Hopkins inbox that you suspect is a phishing scam, please forward it as an attachment to spam@jhu.edu and then promptly delete it.

Phishing Defined

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises. These messages usually direct you to a fake website or otherwise get you to divulge private information. The perpetrators may then use this private information to commit identity theft. These messages may also contain malicious files, often Word, Excel or PDF documents. These malicious files may install worms or viruses on your computer.

The messages can be hard to recognize as fake, because they appear to come from known sources. The more familiar a message looks, the more susceptible people may be to performing actions suggested in the message. One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to “click here” to verify your information.

Recent phishing messages received at Johns Hopkins claim to originate from a “JHU Support Team” or “Webmaster” or from another source inside Johns Hopkins. The subject lines say, “Verify your JHMI EDU account” or “Confirm Your Account” and include a request to respond with information such as username, password and date of birth.

Phishing scams often try to scare or trick the recipient into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.

Example Phishing Email (1):

From: “Johns Hopkins University” <jh_ithelp@comcast.net>

Date: Mon, Dec 12, 2016 at 12:58 PM -0500

Subject: 2 Important Message.

You have 2 Important message from the school faculty.

Sign In

Johns Hopkins University

IT Services

Example Phishing Email (2):

From: awarenesstraining@mail.com

Cc: securitytraining@jhu.edu
Sent: Wed, June 12, 2015 11:59 pm
Subject: Annual Security Awareness Breifing

In order to comply with the requirement for quarterly security briefings, please read through the following link and familiarize yourself with its content.  Upon completion of the briefing please complete the accompanying form confirming that you have done so.  Please do so within the next ten business days.

Security Awareness Briefing

The site has a number of links guiding you to additional security information.  It would be a good idea to bookmark this address to keep it handy for future reference.

Best Regards,

Security Training Group
Johns Hopkins University

Example Phishing Email (3):

From: plees2@cogeco.ca [plees2@cogeco.ca] On Behalf of Mail Administrator [mail.arn043@gmail.com]
Sent: Sunday, October 24, 2010 9:01 AM
Subject: Johns Hopkins Enterprise Messaging

The Johns Hopkins Enterprise wish to inform you that our Account Review Team identified some unusual activity in your Jhmi Webmail Account.  Do send us your current login credentials to keep your account active.

LoginID(LID):
Password:

Johns Hopkins Enterprise
Online Webmaster Department

What can you do to protect yourself?

Financial institutions and other legitimate businesses — including Johns Hopkins — generally will not send e-mail messages requesting login credentials or other personal information. Furthermore, legitimate internal Johns Hopkins messages about access to IT resources should provide contact information for you to use to get in touch with someone if you have questions. They would also have specific information regarding access. Information technology departments within Johns Hopkins would provide as much notice as possible about outages or changes to your account.

How to spot a phishing message?

When you receive an email message, please consider these points:

  • Are you expecting an email of this nature? (e.g. password reset, account expiration, wire transfer, travel confirmation, etc)
  • Do you do business with the company or person purportedly emailing you?
  • Does the message ask for any personal information (password, credit cards, SSN, etc)?
  • Does the message ask for sensitive information about others?
  • Does the message ask you to immediately open an attachment?
  • Hover your mouse over the links in the email. Does the hover-text link match what’s in the text?  Do the actual links look like a site with which you would normally do business?
  • Does the “From” email address look like either someone you know, a business you work with, or a proper Johns Hopkins email account?
  • Click ‘Reply’ (without sending) – Does the address in the ‘To’ field match the sender of the message?
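As an added example (not Johns Hopkins IT’s own tooling), the URL check from the top of the page and the “hover over the link” check in this list, in Python: the real hostname of each link in an email body is compared against the two legitimate login hosts the page names, and a link whose visible text shows a different host than its actual destination is flagged. The sample email body, the jhu-login.example.net host and the 203.0.113.5 address are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# The two legitimate login hosts the page names; anything else is not the real login site.
TRUSTED_LOGIN_HOSTS = ("login.johnshopkins.edu", "microsoftonline.com")
# Anchor tags in a simple HTML email body, and visible link text that itself looks like a URL.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URL_TEXT_RE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

def host_of(url: str) -> str:
    """Lower-cased hostname of a URL ('' if none). A bare host without a scheme is accepted too."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower()

def is_trusted_login_host(url: str) -> bool:
    """True only if the real hostname is a trusted host or a subdomain of one.
    'johnshopkins' appearing in the path, in user-info before an '@', or inside
    some other domain does not count: that is exactly the page's warning."""
    host = host_of(url)
    return any(host == t or host.endswith("." + t) for t in TRUSTED_LOGIN_HOSTS)

def suspicious_links(html: str) -> list:
    """Return (href, visible_text, reason) for each link that fails a check:
    the destination is not a JH login host, or the visible text names a different
    host than the real destination (what hovering over the link reveals)."""
    findings = []
    for href, raw_text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", raw_text).strip()
        if not is_trusted_login_host(href):
            findings.append((href, text, "destination is not a Johns Hopkins login host"))
        if URL_TEXT_RE.match(text) and host_of(text) != host_of(href):
            findings.append((href, text, "visible text shows a different host than the link"))
    return findings

# Constructed sample body modelled on the page's example 1; the hosts are placeholders
# from reserved example/documentation ranges, not real phishing sites.
SAMPLE_EMAIL_HTML = (
    "<p>You have 2 Important message from the school faculty.</p>"
    '<a href="http://jhu-login.example.net/signin">Sign In</a> '
    '<a href="http://203.0.113.5/auth">https://login.johnshopkins.edu/</a> '
    '<a href="https://login.johnshopkins.edu/">login.johnshopkins.edu</a>'
)

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{reason}: text={text!r} -> {href}")
```

The third sample link is the genuine login site and produces no finding, so the check does not simply flag everything that mentions Johns Hopkins.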

If you’re not sure about the legitimacy of an email message, please report it to us and we’ll gladly take a look. Suspected phishing can be reported to spam@jhu.edu or you can simply delete the message from your mailbox.