Skip to main content

Phishing Email Targets Duke Users

2,000 users receive email Monday asking to confirm their Duke log-in information

Duke's IT Security Office (ITSO) and Office of Information Technology (OIT) have received reports of a new phishing scam targeting Duke users.

About 2,000 users received a phishing email on Monday asking them to confirm their Duke log-in information. The email, which claimed to be sent "on behalf of Duke University," said that corporate security evaluation procedures had identified a virus in the user's Webmail account.

Read More

OIT blocked the source of the phishing emails into Duke.

While Duke's anti-spam systems catch a large portion of these messages, some continue to slip through, said Richard Biever, Duke's chief information security officer.

About 132 million messages have come into the Duke email system since mid-February. Of those, an estimated 113 million -- or about 86 percent -- were classified as spam or phishing attempts and were blocked or quarantined, Biever said. 

Users can follow these steps to protect against phishing scams:

  • If you receive an email message that looks suspicious, visit the Sophos site to upload the message, which will give Duke's anti-spam systems better information on what to mark as spam or a scam.
  • Set up a filter to send spam and phishing messages to your junk mail folder. (Instructions are available online for DukeMail and Exchange mail.)