Hackers stole the paychecks of several employees last week after gaining access to their accounts through an email phishing scam that claimed a university staff member tested positive for the monkeypox virus.
The affected employees clicked a link in the email, entered their Rowan NetID username and password into a fake login page similar to this one, and then approved a Duo login prompt they didn’t initiate. These actions gave the hackers full access to their accounts, allowing them to log in to Self-Service Banner and change their direct deposit information.
While Information Resources & Technology identified and removed the monkeypox email within hours of it being received that night, these scams can happen at any time and can lead to serious consequences, like identity theft and financial loss. We need your help to protect yourself and the university. Here’s how you can do that.
Learn How to Spot Scams
When you receive an email you weren’t expecting, take the following steps to review it:
Visit our phishing page for additional tips.
Don’t Approve Duo Prompts You Didn’t Initiate
With the monkeypox scam, employees approved Duo login prompts they didn’t initiate.
Never approve a Duo login prompt unless you’re sure you are the one logging in. You must be vigilant to protect your account.
If you do receive a login approval request from Duo that you didn’t expect, usually a push request or phone call, deny it and change your password immediately at netid.rowan.edu. For help, follow our step-by-step instructions on updating your Rowan NetID password.
For more security tips, visit our pages on spotting phishing scams and malicious websites. You can always check our list of known scams if you receive an email you think is suspicious.
If you have a question about a suspicious email or text message you received, please contact the Technology Support Center at 856-256-4400 or support@rowan.edu, and we’ll help you determine whether it’s legitimate or not.