Advisory: Beware of Impersonation Scams

There has been a recent surge in impersonation scams targeting higher education communities. Attackers are posing as members of IT support or help desk members and attempting to gain unauthorized access to personal accounts using fraudulent tactics. These scams tend to focus on individuals with access to sensitive or protected data and use Multi-Factor Authentication (MFA) approval requests to compromise accounts.

How the Scam Works:

1. Impersonation of IT Support: Attackers contact you, either by phone, email, or direct messaging (Teams), claiming to be from the college’s IT support or help desk team.
2. Account Lockout Claim: The scammers falsely tell you that your account has been locked or flagged for suspicious activity and that immediate action is required to restore access.
3. MFA Code Request: To “resolve” the issue, the attackers ask for your Multi-Factor Authentication (MFA) code. They might even prompt you to approve a login attempt via your MFA system, misleading you into believing it is a legitimate action.
4. Account Compromise: Once the attacker receives your MFA code or you approve the fraudulent login request, they gain unauthorized access to your account, including sensitive data, emails, or internal systems.

How to Protect Yourself:

• Do NOT Share Your MFA Code: No legitimate Trinity College IT support staff will ever ask for your MFA code. It is private and should only be used to authenticate your own logins.
• Verify Any Requests for Help: If you receive an unexpected communication about account issues, contact the IT help desk directly using a verified contact method (e.g., official phone number or email on the college website). Do not use the contact information provided in the suspicious message.
• Check Login Activity: Regularly check your account activity for any unfamiliar logins or changes. If you see anything suspicious, immediately change your password and notify IT support.
• Enable Multi-Factor Authentication (MFA) Everywhere: MFA is an important security measure, but it’s critical to stay vigilant. Use app-based MFA or hardware tokens for additional security on other accounts and resources.
• Report Any Suspicious Activity: If you believe this scam has targeted you, immediately report it to the IT help desk. Prompt action can prevent further damage.

What IT Support Will Never Ask:

• Your MFA codes or any other sensitive information related to authentication.
• To approve login requests or authentication attempts you did not initiate.
• Click on links or download attachments from unknown senders.

What to Do If You Think You’ve Been Targeted:

• Change Your Password immediately. Use a strong, unique passphrase.
• Review Your Account Security Settings: Update recovery options and ensure your security questions and backup email addresses are correct.
• Contact IT Support: If you have doubts about suspicious activities, immediately contact the IT department through the official college channels for assistance.

Stay Vigilant

Remember, scams like these are designed to exploit your trust. Always be cautious and skeptical of unsolicited messages or phone calls. IT professionals at Trinity College will never ask for sensitive information via email, text, or phone.

How to Reach IT Support:

• Email: [email protected]
• Phone: +1 860-297-2100
• Online Support Portal: https://www.trincoll.edu/lits/technology/tech-support/

---

Together, We Can Prevent Security Breaches

Please stay alert and follow these steps to protect your accounts and personal data. Security is everyone’s responsibility. We can work together to keep our community safe from cyber threats by staying informed.

For additional security tips, visit our cybersecurity advisory page and review our best practices for safeguarding your personal and professional information.