To: The Caltech Community
From: Arlene Yetnikoff, Chief Information Security Officer
Jin Chang, Chief Information Officer
On September 2, Caltech's information security team received credible information of a planned phishing attack on the Caltech community. The potential attack would seek to collect individuals' Caltech credentials by directing members of the community to a website that appears to replicate the access.caltech site.
Please note that this is a real threat and not related in any way to the IMSS program to help users identify phishing emails, as described in recent issues of Ion Caltech.
At this time, we would like to make the community aware of this potential threat, and ask all members of the community to exercise extra caution and care when reviewing and responding to emails purporting to be from Caltech. In particular, if an email asks you to click on a link to go to access.caltech, please do NOT click! Instead, go to your browser and type in the URL for access.caltech.edu.
This particular attack is aimed at collecting credentials through an access.caltech lookalike site, a very common type of phishing activity. However, there is always the potential for other Caltech websites or applications to be targeted and it is good practice to verify the authenticity of a URL or sender before disclosing any personal information or credentials online.
If you do click on a potential phishing link, we recommend that you closely examine the URL in the browser address bar before taking any action on that page, in order to confirm that you are actually on a Caltech site. Additional information and tips for how you may detect a phishing email can be found on the IMSS website. Go to imss.caltech.edu, navigate to Services/Information Security/Security Issues/Common Scams from the main menu.
Please report these and any other phishing emails to [email protected] Your reports allow us to stay ahead of these attacks and protect the community.