Office 365 Phish Spoofing FIT Domain

What happened?
We have just been made aware that some FIT employees and students have received three different phishing emails appearing with the subject lines “You have 5 new held messages 12/17/2020“, “Mailbox quota notification for,” and “Notice: Account Update.”  

All three emails pretended to be related to Office 365 and, in some cases, were spoofing FIT departmental email accounts. None of these emails are from trusted sources and should be considered phishing. Luckily the community acted quickly in reporting this email to us, and we were able to remove the email from the impacted inboxes as well as block who we think the sender was.

What can you do to protect yourself?
In many cases, Google will catch these phishing scams and automatically filter them as spam or put a warning banner at the top; however, it is important that everyone become familiar with scammers’ techniques and take precautions to protect themselves and college data. 

• While teaching, working, and learning remotely, this incident underscores the importance of having up-to-date anti-virus software installed on your home computer. If you do not have software installed, IT recommends the free version of Sophos available at home.sophos.com/en-us.aspx.
• Recognize that these attacks impact FIT daily and always be on the lookout.
• Trust your instincts: If you are unsure about an email from a fellow student, employee, division, or department, call them on their FIT extension or on a phone number that is known to you. Don’t use any number supplied in the suspicious email, and do not forward the email to other employees to confirm its legitimacy.
• Remember the 4 Don’t Phishing campaign. Learn more on our website.
• Report email scams by marking mail as phishing. If you need additional help, contact TechHelp by opening a ticket at techhelp.fitnyc.edu.