Many in our community have either received or will receive these types of phishing emails impersonating folks in the SHASS Community. Many of these types of fake emails will originate from free email services like gmail, yahoomail, and outlook.com. The intent of these attacks is to extract personal data, information, emails, or phone numbers for further and more sophisticated attacks.
These type of attacks have also taken the variant forms “Can you talk now?” and “Can you order” something for impersonated community member. Whenever you see short vague emails like this you should immediately be on guard and recognize these are likely phishing attacks.
Another sure sign to look for is the email address it’s sent from. In this example the originating email is not the Dean which should definitely tip off recipients that the email is a phishing attack.
Begin forwarded PHISHING attack message text:
-----------------------------------------------------------------
From: Agustín Rayo <deaninterim787@gmail.com>
Subject: Hello
Date: March 25, 2024 at 8:39:58 AM EDT
Available cellphone number?
Bests Regards,
Agustín Rayo
Kenan Sahin Dean
Massachusetts Institute of Technology
---------------------------------------
End Phishing Email Message
If there is ever a question whether an email is real, you can Message->Forward as Attachment (in Apple Mail) the suspect email to shassithelp@mit.edu and ask us if this is real.
If you know the message is definitely phishing, you should Message->Forward as Attachment (in Apple Mail) to phishing@mit.edu so that IS&T gets the data to block these types of attacks in future.
For anyone needing a refresher, we have our Safe Computing @ MIT document located at the SHASS IT Home page with things to watch out for and cybersecurity safety tips to keep you and your data safe.
Please let us know if anyone has any questions.