New Scam Targeting BYU Skip to main content
Information Security
YOUR SOURCE FOR IMPROVING INFORMATION SECURITY FOR YOURSELF AND OUR CES COMMUNITY.

New Scam Targeting BYU

BYU campus community, in the last few days, employees and students across campus have been receiving deceptive messages that are part of a phishing scam to gain personal information and access to BYU accounts. This phishing scam may involve emails and text messages.

What is happening?

An employee or student will receive an email advertising job openings or pretending to be BYU IT Support.

Both types of emails will ask for the recipient’s username and password or include a link to a Google form that asks for this information. If you provide any credentials, they will follow up with a text asking the user to approve the Duo push they just received.

What should you do?

  • Forward any and all suspicious emails to phishing@byu.edu.
    Do not respond to the sender, including clicking on any links or using QR codes in the email message.
  • NEVER accept any Duo pushes that you did not initiate.
  • Do not provide any credentials or personal information in response to the request.
  • If you have filled out a form or otherwise provided any information to them, immediately contact the CES Security Operations Center at 801-422-7788 or email at cessoc@byu.edu.

Note: BYU IT will never ask for credentials or Duo push approvals over text.

Below are screenshots of real examples of this particular deceptive messages.

Thank You,
BYU Office of Information Technology

Learn more about phishing here.