This page contains examples of actual phishing emails sent to members of the LMU community. If you receive a suspicious email but don't see it listed here, Do NOT assume it is safe. There are many variants of every phish, and new ones are sent each day. 

If you receive an email you suspect is a phishing message, please contact servicedesk@lmu.edu

  • FALSE JOB OFFER WORKING REMOTE FOR DIRECT RELIEF:

    This is a common scam that have been targeting university students. Here are some examples of the phishing emails that students have been receiving. 

    ALERT:

    Official organizations will never solicit funds or personal information through platforms such as Google Forms, Microsoft Outlook, Facebook Messenger, WhatsApp, text messages, or other similar channels.

    IF YOU RESPONDED:

    According to Direct Relief Official website, 

    If you already filled out a form and think a scammer has your information, like your Social Security, credit card, or bank account number, please take the following steps:

    1. Stop all communication
    2. Block the sender's email address & phone number
    3. Go to IdentityTheft.gov. Based on your disclosed information, you’ll see the steps to take, including how to freeze or monitor your credit.
    4. Please forward any fraudulent email to helpdesk@lmu.edu
    5. Stay vigilant, if you provided any information to the scammer

    HOW TO DETECT PHISHING EMAILS:

      1. Offer seems to good to be true
      2. Check the sender & legitimacy of the request. The sender is from outside an official LMU/LLS email address 
      3. Official Organizations will never communicate through unofficial channels like Google Forms, Microsoft Outlook, Facebook Messenger, WhatsApp, text messages, or other similar channels.
      4. Scammer is requesting personal information

     

  • False alert about a Free Grand Piano. 

    This is a common scam that have been targeting university students and staff. 

    For more information and examples of the phishing emails please read this article "Free Piano phish targets American university students, staff" by Bill Toulas. 

    If you responded:

    1. Stop all communication
    2. Block the sender's email address & phone number
    3. Stay vigilant, if you provided any information to the scammer

    Signs that this is a phishing email:

      1. Offer seems to good to be true
      2. Check the sender. The sender is from outside an official LMU/LLS email address "[<]akimball@colby.edu[>]"
      3. Scammer is requesting a large amount of money to deliver the item. 

     

  • False alert about a Chickenpox virus exposure. 

    While ITS try its best to prevent phishing scams from reaching your mailbox, they do happen and will happen again, and it is important to learn some of the red flags that identify scams. This scam was a bit more complicated. The link redirects to a fake LMU login account that the URL is not an official LMU website to steal passwords.

    A common RED FLAG is when you are requested to move the conversation outside of your school address.

    • Scammers do this so that it is outside of our control where we cannot identify and block them. 
    • In the future you can forward emails to the Helpdesk and we will investigate their authenticity for you. 

    If you responded:

    1. Stop all communication
    2. Block the sender's email address & phone number
    3. Stay vigilant, if you provided any information to the scammer

    Signs that this is a phishing email:

      1. Offer seems to good to be true
      2. Check the sender. The sender is from outside an official LMU/LLS email address "[<]akimball@colby.edu[>]"
      3. Scammer try to get you to communicate outside of LMU/LLS address. 

  • LLS professor about a Research Internship job. 

    While ITS try its best to prevent phishing scams from reaching your mailbox, they do happen and will happen again, and it is important to learn some of the red flags that identify scams.  

    A common RED FLAG is when you are requested to move the conversation outside of your school address.

    • Scammers do this so that it is outside of our control where we cannot identify and block them. 
    • In the future you can forward emails to the Helpdesk and we will investigate their authenticity for you. 

    If you responded:

    1. Stop all communication
    2. Block the sender's email address & phone number
    3. Stay vigilant, if you provided any information to the scammer

    Signs that this is a phishing email:

      1. Offer seems to good to be true
      2. Check the sender. The sender is from outside an official LMU/LLS email address "[<]elektroserjdo@net.rs[>]"
      3. Scammer try to get you to communicate outside of LMU/LLS address. Notice the request to communicate to "an alternative email address" and provides an outside number to text.

  •  Flags to note from Fake Job/Part Time Job Offers:

    • Be wary of unsolicited job offers or paid participation in "focus groups", surveys, work at home, administrative assistant or bookkeeper.
    • Do not click any links including “unsubscribe”.  Clicking the link will tell the spammer will likely prompt the scammer to send more spam.
    • Notify InfoSec at servicedesk@lmu.edu if you have responded to the email, for additional guidance.

    Notice part-time job scams:

    Please stop all communication outside LMU emails. Some have resulted in a fake check scam for thousands of dollars.  

    Be aware of job scams. Be wary of any unsolicited job offers and note that legitimate companies will never ask you to front money. Some of these scams appear to be coming from @lionmail.lmu.edu accounts - do not assume they are safe!

    While we try our best to prevent phishing scams from reaching your mailbox, they do happen and will happen again, and it is important to learn some of the red flags that identify scams.  

    A common RED FLAG is when you are requested to move the conversation outside of your school address.

    • Scammers do this so that it is outside of our control where we cannot identify and block them. 
    • In the future you can forward emails to the Helpdesk and we will investigate their authenticity for you. 

    If you responded:

    1. Stop all communication
    2. Block the sender's email address & phone number
    3. Stay vigilant, if you provided any information to the scammer

    Winter Break Remote Job Opportunity at Loyola Marymount University

     

    WHO Part-Time Job

    UNICEF Part-Time Job

     

    Another example of a similar email:

    Vacancy: Mystery Shopper

     

    Pet Sitting Job Scams 

    Notice: 

    Though this website is legitimate in this case the account is compromised and is sending out phishing emails. Be aware of different phishing indicators.

    • The user is trying to redirect the email from a legitimate platform onto a private Gmail address.
    • Offer seems too good to be true!

     

  • Tips on how to avoid QR code scams

    Follow these tips to avoid becoming a victim of QR code scams:

    • Preview the QR code link. A preview of the URL should appear on your phone when you scan a QR code. Make sure the URL is legitimate and that real URL is not modified (for example, “LMU.com” instead of “LMU.edu”).
    • Double Check the website URL. Official websites have for a lock symbol next to the URL or https:// in the URL. These URLs are secure URLs.
    • Don’t scan or open QR codes from strangers. Make sure not to scan QR codes from people that you don’t know. 

    QR Code Scam example:


     

  • Impersonation emails, texts & Urgent Requests

    Indicators of a phishing email:

    • Email is not sent from an official LMU email address. Sent from SharePoint which is not officially supported by LMU.
    • Attempt to move conversation from LMU email is a sign of a potential scam. University will also not be able to monitor and remediate.
    • Lack of LMU signature/Branding and does not have an LMU contact provided in the email
    • Email creates a sense of artificial urgency by requesting the recipient to contact them immediately
    • Follow ups will request purchases in violation of University policy

    Note:

    • If you are not expecting a document from the sender, verify that the email is legitimate before opening any attachments or clicking any links
    • If the email looks odd, contact the sender via a known verified method, such as their LMU email (do not reply directly to the suspicious email).

    Impersonation Text Scams:

    • Impersonation Scam of Law School professionals. Please stop all communication and block the number of sender. Report these scams.

     

     

  • Red flags to note:

    • Be wary of emails coming from student accounts offering jobs, urgent requests or technicalrequests to change your password 
    • Do not click any links including “unsubscribe”.  Clicking the link will tell the spammer will likely prompt the scammer to send more spam.
    • Notify InfoSec at servicedesk@lmu.edu if you have responded to the email, for additional guidance.

    LMU accounts are vulnerable to being hacked into and compromised. Once a university account is accessed by a malicious entity there are different risks. In most cases the attackers try to trick more people into falling for phishing scams because the email appears to be coming from an official LMU address. 

  • ATTN Imposter Scams: Imposters pretend to be someone you know, work with or someone in a position of power i.e. a manager or dean 

    Imposters might ask:

    • Odd & urgent requests to be completed
    • If you are available to do or complete a task
    • Provide personal information i.e. Cell Phone, Personal Email or more
    • Purchase gift cards 
    • Deposit a fake check or wire money

    Imposters might pretend:

    • to be a manager or dean 
    • be an outside company offering jobs that are too good to be true
    • LMU community users received phishing email with the subject of Maintenance Status Update and that your mailbox storage reached 99%.
    • Pretending to be tech support about a problem on your computer
    • you got a check for too much money and you need to send back the extra

    Examples of different requests:

     

    In the case that you respond:

     

     

    Please make sure to follow the next steps:

    A. Change your password to a unique and complex password 

    B. Report to IT Security at Secureit@LMU.edu

    C. If you responded using your personal email or phone, block the user's number and email accordingly

  • DUO Prompt Spamming

    • What is DUO Prompt Spamming?

      • When you receive a number of unsolicited Duo Push or Phone calls to authorize access to your account.

    • What does this mean when it happens?

      • It means your password has been compromised and someone is attempting to access your account.

    • What do I need to do?

      • Change your password immediately and notify the SD ServiceDesk@lmu.edu. Please make sure that your new password is unique and complex.

      • Never authorize unknown DUO Push prompts.
      • Note: if you did not request to access DUO then please deny or ignore the DUO prompts
    • What are risks of accepting DUO prompt scams?
      • User account can be compromised
      • Inter LMU accounts can be compromised and give scammers access to University Personal and Information
        • Compromised Accounts: Result in a massive phishing attack that appears to be coming from a legitimate source or sender. Can result in loss of money, or sensitive information 
  • Document Sharing Scam Summary

    • These types of phishing emails appear to be a shared documents from Google docs to Docusign. These shared files and docuemnts are fake, clicking on the links in the invoice may result downloading a malicious file or requests of credentials i.e. passwords or sensitive information

    What to look out for:

    • Documents from users that you do not know or where not expecting
    • Documents shared outside of normal and approved work flow process of sharing documents i.e. Googe docs, sometimes Docusign

    What to do if you receive this:

    • If you receive this document you suspect to be fake or did not anticipate receiving, do not open, fill out any information & do not respond using links or phone numbers in the email.
    • Do not use/click on the links in the email!
    • Verify this document by calling or emailing the sender at a known/verified email and phone number 

    Examples:

     

     

  •  

    About This Phishing Email

    • Email creates a sense of urgency to respond & click the link
    • Any ITS support emails (password change, LMU email issues, etc) should come from a valid LMU email address and contain LMU branding. Unlikely that this type of request email will be sent to broader LMU community.
  • Maintenance/Service Scams

    Maintenance Status Update - Mailbox Storage

    Different types of phishing campaigns have been targeting all LMU community users with the following phishing email. An ITS Security Alert email was sent to all LMU/LLS faculty, student, and staff.

     

     

  •  

    Examples of Direct Deposit Request Changes:

    • Verify the identity of the user before changes are made. A phone call using an internal extension or the phone number you have on file (not the phone number provided in the email) can help our community avoid a financial loss.
    • After verifying user, LMU direct deposits changes made in Workday.

     

     

    About This Email

    • Email is not sent from an official LMU email address
    • Grammatical errors
    • Odd salutation
    • Be cautious of requests to update personal information that can be done by the user through Workday or attempting to avoid normal processes
    • Email creates a sense of artificial urgency by requesting the recipient to contact them immediately

     

  • Be wary of of unknown links:

    Make sure to not open any unknown files, attachments or click on links. Make sure to verify the files that are sent with the sender on a verified email address or phone number.

    Please note: if you did not anticipate the link or the attachment do not open.

     

    Malicious Attachment Emails:  

     

    Debbie Keet shared “Faculty Evaluation” with you

     

    Other examples:

    Michael Waterstone Shared a file with you

     

     

     

  •  

    About This Phishing Email

    • Email creates a sense of urgency to respond & click the link
    • LMU mailboxes storage capabilities are large enough so users are not likely to ever fill their mailboxes
    • Any ITS support emails (password change, LMU email issues, etc) should come from a valid LMU email address and contain LMU branding. Unlikely that this type of request email will be sent to broader LMU community.
  •  

     

     

     

     

    Requesting Tasks & Buying Gift Card Emails

    • Be cautious of requests to buy gift cards outside of the official Workday process. Stop all communication of these types of requests & report to service desk.  
    • The email address can be spoofed, where someone is able to change the email address to appear it is coming from an official employee.  

    Example 1:

    Example 2:

    • Note urgency of the request & attempt to keep the request secret 
    • This user should have confirmed with a verified number and address the legitimacy of this request!
    •  

     

    Another example: "Are you free to run a quick request?"

     

     

    • Note: You may receive voicemails that appear like they are coming from LMU or a legitimate source. However, there have been some cases where users spoof, where someone pretends to be who they are not.
    • If the voicemail seems odd, out of place, or did not expect to receive the call. Please feel free to delete and report to secureit@lmu.edu
  • Phishing Scam Summary

    • These types of phishing emails appear to be a PayPal invoice for a fake purchase. The invoices for this scam may be generated in PayPal by the scammers. Even though the purchase is fake, clicking on the links in the invoice may result in a transfer of a payment in PayPal. The invoice claims that the recipient has successfully made a purchase through PayPal for an X amount, in this case it is $178.32. 

    What to look out for:

    • Invoices for purchases you have not made.
    • Requests to act immediately to make payment or reverse payment.

    What to do if you receive this:

    • If you receive an invoice you suspect to be fake or for a purchase you don't recall making, do not pay & do not respond using links or phone numbers in the email.
    • Go to your PayPal account
    • Do not use/click on the links in the email!
    • Verify this purchase by looking into your purchase history & clarify if you haven't been fraudulently billed.

    If you have been fraudulently billed go to PayPal’s Resolution Center at paypal.com/disputes/ and report the fraud immediately.

     

  • Credential & Sensitive Information 

     

  • Summary

    • These types of phishing emails appear to be an official Federal notice. The scam appeals to false authority and urgency to respond.

    What to look out for:

    • Requests that are odd or out of the ordinary
    • Requests to act immediately to make payment or reverse payment.

    What to do if you receive this:

    • If you receive an invoice you suspect to be fake or for a purchase you don't recall making, do not pay & do not respond using links or phone numbers in the email.
    • Do not use/click on the links in the email!
    • Reach out to the official email of the organization to verify the legitimacy of the email

     Money Claim Scams: