Over the past few months, some NJIT faculty and staff have been the target of spear-phishing scams. A spear-phishing scam is targeted towards specific individuals or groups, often with the intention of stealing credentials, getting access to sensitive data, or tricking people into sending them money.
In this case, the attacker impersonates the Dean and targets faculty and staff with “urgent” email requests. Spear phishing attacks use outside/non-NJIT email addresses and frequently incorporate the name of the sender. Attackers use multiple email addresses and regularly change them as they are blocked.
Because attackers use multiple accounts, the best thing to do is closely inspect the sender’s email address. To help identify these scams enhanced security measures have been implemented within NJIT's Gmail web interface that displays warning banners to help identify potentially fraudulent email addresses.
If you receive a potential spear phish email please forward it to abuse@njit.edu. If you have any questions about NJIT's cybersecurity efforts, or need to report an incident (e.g. compromised account), please contact the IST Service Desk at 973-596-2900 or https://servicedesk.njit.edu.