Copy of 11-2-2022 message sent to Rice community
Dear colleagues,
I am writing to warn you about a new tactic criminals are using to try and steal our private information and attack our information technology resources.
Because we have added Duo Security, our multi factor authentication system, criminals have had to adapt their attack methods. A recent phishing attack demonstrated this by not only phishing for our usernames and passwords, but also for private Duo Passcodes from Duo’s Android and iPhone Mobile Apps. Thankfully, very few from our community were tricked into providing their usernames and passwords, and even fewer provided their private Duo Passcodes.
This is a reminder for all of us that, while technologies like Duo Security provide enhanced protections for our accounts and access, we must remain vigilant and skeptical of unexpected emails, especially those that ask for personal information, have an unexpected attachment, or redirect us to a site not affiliated with Rice. If you receive such an email, or simply have questions about an email you receive, contact the OIT Help Desk right away. The email will be reviewed and we will let you know if it is malicious.
If you think you have been the victim of an attack, report it to the OIT Help Desk or Information Security Office immediately. The faster it is reported, the faster we can take action and limit the impact to you and the university.
Office of Information Technology (OIT) Help Desk:
713-348-HELP or helpdesk@rice.edu
Report an IT Security Incident to the Information Security Office:
https://iso.rice.edu/security-incident
Find more information about phishing and recent phishing campaigns at Rice:
https://iso.rice.edu/phish-bowl
If you have any questions, please let us know. Thank you for your help in protecting our resources.
Marc Scarborough
Chief Information Security Officer