Wednesday, November 16, 2016

Spear Phishing - NOT from Payroll!

Several Macalester people have received the following spear phishing message in the last day or two. It is NOT legitimate, and does NOT originate from College Payroll staff! This is an attempt to fool you into surrendering confidential information. Don't fall for it.

Here's the text of the scam, followed by some clues to its true nature.


From: Payroll Services <>
Date: Mon, Nov 14, 2016 at 9:28 AM
Subject: Your Record Updated -- IMPORTANT

This email is to confirm That You have successfully updated
your  email address via  1600 Grand  Portal .

This update occurred on 11/14/2016 at 7:13 am

If you did not update this information online, please go
or call the Information Technology Services ( ITS) Help
Desk at 651 -696-9400  for assistance.

Please note that if you have multiple email accounts with
the university, you may receive this message at each email
address. If you Performed multiple updates, you may also
receive separate email Confirmations.

Thank you,
Payroll Services.

email is to confirm That You have successfully updated


The scammer put some effort into this message, tailoring it to make you react without thinking. (Those Macalester details are what makes it 'spear' phishing.) You might have been temporarily deceived by the From address, by the apparent Web link on Macalester's site, and by the reference to the ITS Help Desk. But look again.

*Who is the message sent TO? Our Payroll colleagues will use your specific Macalester address when emailing you, not leave the To: field blank.

*The telephone number for the Help Desk is wrong, as the online Directory shows. 

*Look at the phrasing, spacing and punctuation. Macalester is not a university. Our portal is 1600grand (one word). The Web link appears to be a Macalester page but isn't. The writing is stilted and oddly capitalized. Official Macalester communications will be better written and clearer than this.

ITS can, and does, protect your data with firewalls, a segmented network and vigilant Infrastructure staff. Scammers know this, recognizing that the quickest way into your account is to fool you into surrendering your credentials. When you receive an email message that looks odd to you or just seems "iffy," stop and think. Take your time to read it carefully. Don't click on any links. Get a second opinion from an ITS staff member, such as your AIA or the ITS Help Desk (the REAL phone number is 651-696-6525). Don't let surface details like an apparent Macalester address fool you: there are wolves in sheep's clothing out there.  Don't let them into your account!