Phishing Email Messages
What is a Phishing Email?
A phishing email attempts to steal your confidential information by directing you to a false website where that asks you to provide personal information, such as a password, credit card, or bank account numbers.
Phishing emails are occasionally delivered to your Duquesne University email account. These messages often direct you to a false login page and ask you to provide your MultiPass password.
BEWARE: replying to phishing emails will ALWAYS result in your password being stolen.
What to Do If You Have Received a Phishing Email
If you have received a message that you believe is phishing, please follow the steps below to report it to the CTS Help Desk:
- Obtain the message headers from the email in question. This information allows CTS to investigate how the email entered the mail environment and prevent future phishing emails from being delivered to campus. For steps on how to obtain header information, click here.
- Forward the phishing email and message headers to firstname.lastname@example.org.
- Delete the phishing email.
What to Do If You Have Responded to a Phishing Email
If you believe you have responded to a phishing email, please follow the steps listed below:
Step 1: Secure Your MultiPass Account
Visit duq.edu/multipass to reset your MultiPass password and secret question answers IMMEDIATELY. In addition, please reset your password for any personal accounts that may have used a similar password.
Step 2: Secure Your Email Account
Verify that no suspicious inbox rules or forwards have been placed on your Duquesne University email account. For steps* on checking rules and forwards, click here.
*You will need to perform these steps by visiting duq.edu/mail.
Step 3: Secure Your Computer
If your computer has been infected with spyware or malware, perform an antivirus scan. If you do not have an antivirus program installed on your computer, CTS recommends Sophos Home edition. For more information, visit duq.edu/sophos.