Protect Your Account
Protect Your Account
Protect Your Account
Hackers are creating more personalized, targeted attacks to trick you into sharing information you shouldn’t. Use the guidance on this page to protect your account and protect your univeristy.
Keep Your Info Private
Never share your Duo codes or password. We will never ask you for this information. If someone does, it's a scam.
Create Unique Passwords
If you reuse the same password, a hacker who gains access to one of your accounts can easily access others.
Enable More Security
Two-factor authentication prevents hackers from accessing your account, even if they have your password.
Current Threats
Hackers targeting Rowan via text, email
Hackers are actively targeting Rowan University students and employees through phishing emails and text messages. These scams claim that you opted to shut down your Rowan email account and ask you to send your Duo verification code to keep your account active.
Rowan University will NEVER email, call or text you to request your Duo verification code or passcode. If you get a message asking for this information, it's a scam. Report it to support@rowan.edu.
Due to the ongoing security situation, we have posted a reminder on our single sign-on system to never give your password or Duo code to another person. We will keep that reminder posted until this threat has been resolved.
Please keep your account information private. By doing so, you are not only protecting yourself and your data — you’re protecting the entire Rowan University community.
Email Scams
Avoiding Phishing Scams
If you receive an email you weren’t expecting that includes a link, stop and think before you click.
- Check Known Scams: If the email seems suspicious, check go.rowan.edu/scams to see if it’s a scam we’ve identified. If it’s listed, delete it. If it's not, move to step 2.
- Look for Red Flags: Use our tips for spotting phishing scams to further review the email. In particular, take extra precaution when deciding whether to click on a link or take another action in response to a message that has been marked as [EXTERNAL]. The label is applied to emails sent from non-Rowan University email addresses in order to flag potential phishing scams, most of which originate with external senders.
7 Ways to Spot a Phish
Don't be the catch of the day! Fortify your online safety net, and protect your personal information and hard-earned money, by learning how to spot a scam using our tips below.
Job Offer Scams
Did you receive a job offer that claims to pay good money for a few hours of work? It's likely a scam.
Check Deposit Scams
Keep an eye out for scams that ask you to deposit checks into personal accounts as part of a job offer.
Unemployment Fraud
Take these steps if you receive a notice for unemployment benefits and you have not filed a claim.
DEA Calls
Criminals posing as federal agents may accuse medical professionals of drug law violations.
Sextortion Scams
These scams demand payment to prevent the release of supposed compromising videos.
Gift Card Scam
This scams asks you to buy gift cards for someone who promises to pay you back. They won't.
10 Tips to Avoid Scams
Scams come in many different forms. Use these 10 tips to avoid scams of all kinds.
Malware & Malicious Websites
Avoiding Malware
Short for malicious software, malware can be used to steal personal information, send spam and commit fraud. To protect your computer from malware, install antivirus software. You should also:
- Be careful about which websites you visit. File sharing sites and sites that allow you to illegally watch movies are ripe with contaminated programs that may infect your computer.
- Regularly update your operating system and software. Also, while doing this, make sure you pay attention to what those programs are installing on your computer. Updates to Internet plug-ins, such as Java, can install other programs that you might want to avoid.
- If you no longer need a particular software application, remove it. Attackers are constantly targeting systems with outdated versions of software.
7 Ways to Spot a Malicious Website
Don't get snagged by a malicious website. Cursor over any of the numbers to learn the red flags of a website trying to steal your personal information.
Download PDF of Malicious Website Infographic
Duo Scams
Repeated Duo Prompts
Another tactic used by hackers to gain access to your account is sending your phone a barrage of Duo sign-in requests with the intent to frustrate you enough to approve access — even if you didn’t initiate the login attempt.
Since hackers need to have your username and password to launch this type of attack — known as multi-factor authentication (MFA) fatigue — you can stop it by changing your password at netid.rowan.edu.
For help, follow our step-by-step instructions on updating your Rowan NetID password.
Fake Login Pages
Hackers are creating fake login pages that look really similar to legitimate Rowan University websites to try to get access to your account. You may be directed to one of these pages if you click on a link from a phishing email, like the one shown below. In addition to our other phishing tips, be particularly wary of links in emails marked as [SUSPECTED SPAM] in the subject line. This label is applied to emails flagged by our system's anti-spam tools.
Then, you’ll be directed to a page that looks like the sign-on page you’re used to seeing for Rowan applications. Often, the only way you can spot a fake from the real thing is by carefully looking at the URL. The URL may include rowan.edu but start with a .net, .com or other domain, like xyz.com/rowan.edu/cas/login, as shown below. When you are logging in to applications protected by Rowan’s single sign-on service, the URL will always start with login.rowan.edu.
Once you provide your NetID and password in a fake login page, you may be redirected to another site, asking you to verify your identity through two-factor authentication. This page may appear similar to a legitimate Duo prompt, but will only offer one option: entering a passcode.
If you provide a passcode, the hacker now has everything they need to fully access your account: your Rowan NetID, password and a real Duo passcode to verify your identity.
You must be vigilant to protect your account. Always verify the URL before entering your NetID, password or Duo passcodes into a website.
Pay particular attention to the text between https:// and the next / in URLs: https://irt.rowan.edu/help is a legitimate Rowan University website, while https://irt.scam.com/rowan.edu/help is not.