{"id":2291,"date":"2026-04-08T17:09:01","date_gmt":"2026-04-08T17:09:01","guid":{"rendered":"https:\/\/blogs.luc.edu\/uiso\/?p=2291"},"modified":"2026-04-08T17:25:56","modified_gmt":"2026-04-08T17:25:56","slug":"phish-alert-scammers-posing-as-loyola-its","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/uiso\/phish-alert-scammers-posing-as-loyola-its\/","title":{"rendered":"Phish Alert: Scammers Posing as Loyola ITS"},"content":{"rendered":"

We are currently seeing a significant wave of phishing emails targeting our staff and students.\u00a0The scammers are posing as the Loyola IT Department in an attempt to steal your password.\u00a0One example currently in circulation claims that your account is scheduled for termination due to duplicate credentials and asks you to click a link to verify your account.<\/span>\u00a0<\/span><\/p>\n

You can spot this\u00a0scam\u00a0by looking for several red flags. First, examine the\u00a0recipient\u00a0list. In the current attack, the scammers have copied hundreds of random Loyola email addresses in the “To” or “Cc” field. A legitimate IT alert would never be sent to\u00a0a long list\u00a0of strangers in this manner. Second, be extremely suspicious of any request for your password, especially through a Google Form. No Loyola IT staff member will ever ask for your password via email or a form. If a message asks you to enter your credentials to keep your account active, it is a phishing attempt.<\/span>\u00a0<\/span><\/p>\n

What makes this current wave particularly dangerous is that these messages are not coming from outside email addresses. When a student or staff member falls for a phishing scam and provides their MFA code to the phisher, the attacker can send messages from their account. They then use that hacked account to send the same phishing email to hundreds more Loyola addresses. Because the email appears to come from a legitimate @luc.edu address, it looks more real, and recipients are more likely to trust it. This creates a dangerous cycle. One compromised account leads to ten more, and ten lead to a hundred. The best way to break the cycle is to never enter your password on a link sent to you in an email. If you suspect your account has been compromised, change your password immediately and contact the IT Service Desk.<\/span>\u00a0<\/span><\/p>\n

Finally, remember legitimate emails from official IT Service Desk communications will come from\u00a0 <\/span>ITSServiceDesk@luc.edu,<\/span><\/a>\u00a0<\/span>DataSecurity@luc.edu<\/span><\/a>, or\u00a0<\/span>\u00a0<\/span>helpdesk@luc.edu<\/span><\/a>.\u00a0Scammers may fake the “From” address to look like a real person, but the content of their message will\u00a0contain\u00a0generic threats and urgent demands. Also be aware that password phishing is not the only\u00a0scam\u00a0currently targeting Loyola. Another common\u00a0scam\u00a0involves an email that appears to come from a professor or supervisor asking you to\u00a0purchase\u00a0gift cards\u00a0in exchange for giveaway items. No legitimate Loyola employee will ever ask you to buy gift cards for any work-related purpose. If you receive such a request, it is always a\u00a0scam.<\/span>\u00a0<\/span><\/p>\n

If you receive a suspicious email, do not click any links, do not enter your password, and do not reply.\u00a0Forward\u00a0the message to\u00a0<\/span>ITSServiceDesk@luc.edu<\/span><\/a> and then delete\/report it. When in doubt, type websites directly into your browser rather than clicking links in unexpected emails.<\/span>\u00a0<\/span><\/p>\n

Remember to always stay vigilant, trust your gut, and report anything you find suspicious or unexpected. <\/span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

We are currently seeing a significant wave of phishing emails targeting our staff and students.\u00a0The scammers are posing as the Loyola IT Department in an attempt to steal your password.\u00a0One example currently in circulation claims that your account is scheduled for termination due to duplicate credentials and asks you to click a link to verify […]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2291","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/2291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/comments?post=2291"}],"version-history":[{"count":4,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/2291\/revisions"}],"predecessor-version":[{"id":2295,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/2291\/revisions\/2295"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/media?parent=2291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/categories?post=2291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/tags?post=2291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}