New Phishing Attempts Against WCMC

ITS has been made aware of a new phishing attempt against WCMC email users. Users should delete emails entitled "To retain your med.cornell.edu Webmail account".

Phishing attempts are a common threat online. While there are tools available to help users automatically identify fraudulent messages, being in the know about ITS policies and procedures is the best way to identify these threats:

• ITS staff will never ask for your password in an email, over the phone, or in person.
• ITS does not conduct "account verification" through email or through visiting a website. ITS automatically removes accounts for users no longer actively enrolled or employed with WCMC.
• Password changes can only be done through the Identity website.
• ITS is responsible for many computing services within the Medical College. Messages purporting to be from groups that are not ITS or do not contain our contact information should be treated with great suspicion.

The ITS Security team is working to block these phishing messages, by filtering them from the mail system and limiting network access to sites purporting to be run by Weill Cornell Medical College.

Users sent suspicious emails about their account, password, or services should not click any links in these emails or reply to them. Please notify ITS Support (x6-4878 from any WCMC phone, or support@med.cornell.edu) about the email you've received so that we may take appropriate action. If you suspect you have fallen victim to a phishing scheme, please contact ITS Support immediately so that we can take appropriate action to protect your credentials.