When large quantities of the same scam messages appear on campus, we endeavor to work as quickly as possible to block those messages.
Emails with with the subject line of "Notre Dame IT Helpdesk", "Unusual Activity Noticed", "To All Faulty\Staff", or "(ND.EDU)." and signatures such as IT Service Desk Support or IT Support can be a red flag for these types of emails; email notifications from our office will always be from Office of Information Technologies (oit@nd.edu), or ND Service Desk (nd@service-now.com).
If you responded to the scam and provided them with your password, you will need to immediately go to https://password.nd.edu and change your password. This will prevent the spammers from using your account to send more spam. If you did not click a link or respond to the scam, you can simply delete the email message.
If a suspicious email is coming from an ND account, please review the most recent examples we've posted in the Phish Bowl. If one of the examples matches what you received, we are already aware of this scam, and you can delete the message you received. If you have received a different message, forward it to servicedesk@nd.edu so we can investigate further. The OIT will work with the owner of the compromised ND account by securing it from further use by the spammer, and assist them in correcting configuration changes the spammer may have made. We will also block campus access to any website that was included in the email to help protect others.
As always - be safe, and remember that the OIT will NEVER ask you for your password!
You can find additional information about phishing messages here. fwd