This morning, a number of people at Stanford received an email that appeared, falsely, to be from President Marc Tessier-Lavigne. The message did not originate from his Stanford account, but rather was a phishing attempt of the kind we see with increasing frequency today.
The email, with the subject line “NEW DEVELOPMENT FILE TO ACCESS [DOCX.11] 31.01.12.2017,” contained an attachment that sought to lure recipients into divulging password information via a web login form. If you clicked on the attachment and entered any password information, please take action to change your password immediately. If you need assistance, contact your IT support team.
As we have advised previously, while Stanford’s systems succeed in filtering out large numbers of malicious emails daily, the Information Security Office urges email users to always scrutinize incoming messages to ensure they are authentic. Given the increasing sophistication of phishing attempts, many malicious emails now may appear to be from someone you know, or may contain a subject line that appears to be related to your work. If you are unsure about an email, it is often a good idea to call the purported sender (if practical) or check with your IT support team to confirm the email’s authenticity before clicking any links or opening any attachments. You can also send suspected phishing emails to spam@stanford.edu for analysis.
Thank you for your continuing attention to email security.
Michael Tran Duff
Chief Information Security Officer
Stanford | University IT
