UPDATED: SECURITY ALERT: Phishing scam pretends to share secure document


UPDATE: In the few moments since sending this alert, we have received additional reports of a second instance of the email phishing scam described below with minor variations.  The variants in the new reports include:

  • The apparent sender of the message is “Misty Shane (misty_shane [at] mhu.edu)”
  • The subject of the message is “[IMMEDIATE ACTION} Faculty/Staff Amended And Up To Date Catalog From President Dr. Frederik Ohles”
  • The attached file is a Microsoft Word document (rather than PDF) and named “Nebraska Wesleyan University Shared Document.docx”

In each case the body of the message is almost identical.

Again, please delete the message should you find it in your mailbox.



CSIT has received several reports this afternoon regarding a new instance of an old email phishing scam.  This particular scam is one we have warned about previously, but the new variation warrants an alert.

The current scam arrives as an email message which appears to be from Jana Jones (janaj [at] mail.smu.edu) with the subject “Professional Program and Ethical Program for Nebraska Wesleyan University Employees”.  After praising the quality, diligence and dedication of NWU employees, the message goes on to note that there is room for improvement in an organization.  The message directs the reader to the attached PDF document for details of the institution's commitment to excellence and continuous improvement.  The message attachment is named “nebrwesleyan.edu.pdf” and, if opened, presents a graphic which purports to be a link to a secure document.

We have seen and warned of this scam previously.  However, this instance might appear more tempting as it comes over the signature of Dr. Darrin Good, recently named by the NWU Board of Governors as the next President of Nebraska Wesleyan University.  The link contained in the document attached to the scam email – though blocked by most web browsers – appears to go to a deceptive site which presents a fake login page designed to collect usernames and passwords.

If you have seen this message in your NWU mailbox, please disregard it and delete it immediately.  If you have already opened the attached file, but gone no further than displaying the file content, you are still safe.  However, if you followed the embedded link in the document and attempted to log on to the site you were presented with, then your account has been compromised.  In that case, you will need to change your NWU and Office 365 passwords immediately.  If you need assistance to re-secure your accounts, contact the CSIT Office at 402-465-2341 or come to either the CSIT Office (Smith-Curtis 121) or the WITS Office (Smith-Curtis 109) for help.

As always, please handle all incoming email with caution, particularly when dealing with attached documents or embedded links.