Phishing Alert | "myWheaton Portal Re-Validation"

Posted May 5, 2016 by Academic and Institutional Technology
Tags: Phishing Attempts

Phishing Alert | "myWheaton Portal Re-Validation"

Some students and employees recently received an email claiming to be from the IT Help Desk. The email warns the recipient of a security breach and asks them to follow a link and enter their username and password to re-validate.

This email is a phishing attempt. Do not click on any of the links in the email or provide any information to the sender. Thank you to all who reported this scam.

If you responded to this scam, please contact us at 630.752.4357 (HELP).

Spotting Phishing Attempts

Phishing Example


The image above is a screenshot of this phishing attempt. Several things indicate that this email is not what it claims to be:

  1. The email claims to be from the Wheaton College IT Help Desk, but was not sent from a email account.
  2. The email contains numerous grammatical errors, which indicate that it may not be as official as it claims to be.
  3. Check to see if the URL matches the supposed sender. You can often hover over links to see the URL. This email claims to be from Wheaton College, but the link directs people to a non-Wheaton website. Any emails from Academic and Institutional Technology will direct you to a webpage. We will never provide a link in an email that sends you directly to a page where you are asked to input your password.
  4. The email is worded in an alarming way, using phrases like "unknown external attackers" and "entire data loss." When an email is worded like this, it is often trying to scare the recipient so they don't think clearly about what they're being asked to do.
  5. A legitimate email from Academic and Institutional Technology will include contact information for our department. We always want you to be able to check in with us and ask questions if you're not sure about an email we sent. If there is no contact information, the sender is not affiliated with AIT.

Always exercise caution when responding to emails. If you're not sure whether an email is a phishing attempt or not, contact us or call 630.752.4357 (HELP).