Paychecks stolen by monkeypox phishing scam

Hackers stole the paychecks of several employees last week after gaining access to their accounts through an email phishing scam that claimed a university staff member tested positive for the monkeypox virus.

The affected employees clicked a link in the email, entered their Rowan NetID username and password into a fake login page similar to this one, and then approved a Duo login prompt they didn’t initiate. These actions gave the hackers full access to their accounts, allowing them to log in to Self-Service Banner and change their direct deposit information. 

While Information Resources & Technology identified and removed the monkeypox email within hours of it being received that night, these scams can happen at any time and can lead to serious consequences, like identity theft and financial loss. We need your help to protect yourself and the university. Here’s how you can do that. 

Learn How to Spot Scams

When you receive an email you weren’t expecting, take the following steps to review it:

  1. Check the sender name and email address: Make sure the email was sent from an address you recognize. Hackers may use names that appear to come from a trusted source, but if you look closer, the email address doesn’t match. For example, the monkeypox phishing email was sent from a cscui.edu address, not a rowan.edu address.
  2. Look for the [EXTERNAL] label in the subject line: Take extra precautions when evaluating whether to click on a link or take another action in response to a message that has been marked as [EXTERNAL]. This label is applied to emails sent from non-Rowan University email addresses in order to flag potential phishing scams, most of which originate with external senders.

Visit our phishing page for additional tips.
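For staff who triage reported messages, the two review steps above can be expressed as a small check. This is an added example, not code from Rowan University; the sample messages, display names, subjects, the `BRAND_WORDS` list and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "rowan.edu"   # the university's mail domain, as named in the notice
EXTERNAL_TAG = "[EXTERNAL]"    # subject label described in step 2
BRAND_WORDS = ("rowan",)       # assumption: words a spoofed display name might borrow


def is_internal(domain: str) -> bool:
    """True only for rowan.edu itself or a genuine subdomain of it."""
    domain = domain.lower().rstrip(".")
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def review_message(raw: str) -> list[str]:
    """Return the reasons a message deserves a closer look (empty if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    if not at or not domain:
        return ["no parseable sender address"]
    reasons = []
    if not is_internal(domain):
        # Step 1: the address, not the display name, decides who sent it.
        reasons.append(f"sender domain {domain} is not {TRUSTED_DOMAIN}")
        if any(word in display.lower() for word in BRAND_WORDS):
            reasons.append("display name suggests the university, but the address is external")
    if EXTERNAL_TAG in msg.get("Subject", ""):
        # Step 2: the mail system already marked the sender as non-Rowan.
        reasons.append("subject carries the [EXTERNAL] label")
    return reasons


# Constructed sample messages (only the cscui.edu domain comes from the notice).
SAMPLES = {
    "phish": "From: Rowan Health Alerts <notice@cscui.edu>\n"
             "Subject: [EXTERNAL] Staff member tested positive\n\nbody\n",
    "lookalike": "From: IT Support <help@rowan.edu.example.net>\n"
                 "Subject: Password expiry\n\nbody\n",
    "internal": "From: Technology Support Center <support@rowan.edu>\n"
                "Subject: Maintenance window\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, review_message(raw))
```

The `lookalike` sample shows why the domain is compared as a whole suffix: an address ending in `rowan.edu.example.net` contains the trusted name but belongs to a different domain. A From header can also be forged outright, so this check mirrors the manual review only and does not replace the mail system's own sender authentication.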


Don’t Approve Duo Prompts You Didn’t Initiate

With the monkeypox scam, employees approved Duo login prompts they didn’t initiate. 

Never approve a Duo login prompt unless you’re sure you are the one logging in. You must be vigilant to protect your account. 

If you do receive a login approval request from Duo that you didn’t expect, usually a push request or phone call, deny it and change your password immediately at netid.rowan.edu. For help, follow our step-by-step instructions on updating your Rowan NetID password.

For more security tips, visit our pages on spotting phishing scams and malicious websites. You can always check our list of known scams if you receive an email you think is suspicious.

If you have a question about a suspicious email or text message you received, please contact the Technology Support Center at 856-256-4400 or support@rowan.edu, and we’ll help you determine whether it’s legitimate or not.