Skip to main content

Security Alert: Fake Email Referencing Interim President Rawlings

Date:
2017-01-25 00:00:00
Status:
Closed
Brief Description:
Scammers have sent fraudulent emails claiming to be from Interim President Hunter Rawlings to many members of the Cornell community. These emails are fake and their attachment should not be opened or interacted with in any way. Please delete the message.
Current Status:
Note: Updated alert to add steps that can be taken.
Services Affected:
Email and Calendar
Security Incident Response
Subsites Affected:
Faculty/Staff Email (Office 365)
Student Email (Cmail)
Full Description:
In the past few days, scammers have sent fraudulent email claiming to be from Interim President Hunter Rawlings to many members of the Cornell community. The message may have a title like "Great news to all members of Cornell University" or "Message from President Hunter Rawlings."

These messages use vague wording and encourage recipients to open an attachment. These emails are fake and the attachment should not be opened or interacted with in any way. Please delete the message.

If you did open or interact with the attachment, please contact your local IT support providers immediately. Take very seriously the possibility that opening attachments can compromise your computer and any information or business done on it. You can also take the following steps:

1) As a precaution, you should reset your NetID password at http://netid.cornell.edu (Change your password).

2) Delete the PDF attachment file.

3) Run an anti-virus scan on your computer. https://it.cornell.edu/antivirus .

If you need assistance with these items, you can contact the IT Service Desk during normal business hours 8 a.m. - 6 p.m. Monday-Friday
http://it.cornell.edu/support .

This fraudulent message has been added to the Phish Bowl, a catalog of malicious emails seen at the university.

https://it.cornell.edu/phish-bowl .

If you ever have any question about the validity of any email claiming to be from Cornell, you can check this page and its counterpart, the Verified Communications page, a listing of emails being sent out from legitimate Cornell sources (login required).

https://it.cornell.edu/verified-cornell-communications .