Some of you may have received a Phishing Email with the subject “A file has been shared with you”, or something similar. This email “appears” to be coming from someone within Simmons or even from an external email address. Clicking the link brings the victim to a web page that looks like an official-looking webpage and asks them to enter their username and password. Once that information has been entered on the webpage it is captured by the cyber criminals.
Almost immediately following, the cybercriminals attempt to login to Simmons’s email and systems with the stolen credentials and the victim will receive a Duo authentication request known as a “Rogue Push”, meaning one that was not requested. If the victim approves the Duo request, then the cybercriminals are allowed in. Think before you click!
The Job Scam is intended to steal money from the victim in one of two ways. The first is that they ask for personal information plus a bank name. They will then send an official looking email from that bank asking the victim to confirm details and maybe to reset a PIN code. The scammers will try to use this information to login to the bank account and withdraw money. The second way is to send the victim a paycheck in advance with instructions to use that check to purchase supplies or a computer from their vendor. The victim purchases these items before the bank has time to clear the deposited check. The fake check will bounce and the victim is left responsible for the purchases. Other variations of this scam have involved sending cryptocurrency such as bitcoin to the scammers.
As phishing and job scams targeting higher education persist, vigilance is key. Carefully inspect unsolicited emails and do not click links or provide information without verifying legitimacy first. Report suspect message as phishing in Gmail. Research employers thoroughly when job hunting and avoid requests for upfront fees or personal details. Never provide banking information. Stay alert and contact the IT help desk with any online safety concerns. Using caution and common sense are our best defenses against those looking to take advantage.
If you are getting a new mobile device, it is important to enroll it with SharkPass/Duo to avoid any potential service disruptions. If you still have access to your existing device, you can find instructions on how to enroll a new device on the 
Simmons Technology partners with Duo, our two-step authentication vendor, to provide students, faculty, and staff with a secure and seamless login experience. As part of our ongoing effort to improve security, we periodically review and update our security controls. We are currently looking at ways to improve our security platform, and as a result, there will be changes to the way we connect to Simmons’ computing resources. We ask that members of the community pay attention to any updates and be aware of how these changes may impact them.
Simmons uses SharkPass to provide an additional layer of security for our Simmons login. In recent years, SMS passcodes, Duo Mobile Passcodes, and Telephone voice call verification have become avenues for scammers to steal login credentials.