Cybersecurity Alert: Campus-wide phishing attack

A phishing email has been sent to multiple Vanderbilt addresses following the compromise of a student account by an outside entity. The email has the subject line “Covid Test.” Do not open this or any emails from unknown senders, and do not click on or open any attachments. VUIT is investigating the incident now.
Note: If you are unsure if an email is malicious, please report it to VUIT Information Security by one of two methods:
Outlook toolbar report phishing
  • Using the Outlook email client, select the “Report Message” button in the top ribbon, then select “Phishing.”
  • If you are not using Outlook, or the button is not available, please send the phishing email (as an attachment) to phishing@vanderbilt.edu.
As a reminder, always take the time to look for common indicators of phishing:
  • Suspicious sender—Attackers frequently pose as a reputable source by faking a familiar email address. For example, an attacker might use something that includes a familiar organization’s name, such as john.smith.vanderbilt.edu@gmail.com.
  • Impersonal greeting or closing—Scam emails might have a generic salutation or signature, such as “Dear customer” or “Dear sir.”
  • Sense of urgency—Attackers often include language to entice you to act immediately by clicking a link or downloading an attachment. For example, an attacker may pose as a financial institution and send a warning that your password must be changed immediately to continue to access your funds.
  • Grammar and formatting—Scam emails may employ improper grammar, misspelled words, irregular punctuation and/or inconsistent formatting.