Information Technology wants to warn and educate the Liberty University community about the dangers of phishing attempts via email.  A link for the most recent phishing attempt will appear on the IT Security homepage.  Please refer to this helpful guide to keep yourself safe from a phishing attack.

The most recent phishing alerts are shown below.  If you do not see an alert similar to what you are experiencing, please use the Report Security Issue link on this page to report a security issue.

Report an Incident

Use the link below to report an incident through the IT HelpDesk.

Title:  Overdue fee scam

Date:  January 2024

Source:  Reported by LU employee

Details: 

IT Security wanted to make the community aware there has been an increase in smishing scams impersonating President Dondi Costin. This scam may also be used to impersonate other VPs of Liberty University. However, these notices are not legitimate, and comes from the following phone number 516-359-9540, this number could change. Please disregard this text message and block the number if you receive it, do not respond. Do report the SMS message to IT Security at ITSecurity@liberty.edu with a screenshot of the text and phone number if possible.

Example:  Click images to enlarge


Title:  SMS scam

Date:  February 2024

Source:  Reported by LU employees

Details: 

IT Security has become aware that some users have received a phishing email about a fee that is due. Based on reviewed emails, the fee in various emails is $4.25. We are working to resolve the issue. Please do not reply or click the link, and report the message immediately. For more information on phishing emails, visit Liberty.edu/phishing.

Example:  Click images to enlarge


Title:  Administrative Assistant scam

Date:  October 30, 2023

Source:  Reported by LU employee

Details: 

IT Security has become aware that users are receiving an email impersonating Liberty University informing them to apply for a fake part-time Administrative Assistant position. This is not a real job listing from Liberty University and is purposed to scam users into capturing personal information. If you receive this or a similar email, please report it immediately. Please don’t reply to the email, open attachments, scan QR codes, or click links.

Example:  Click images to enlarge


Title:  RESEARCH ASSISTANT scam

Date:  October 18, 2023

Source:  Reported by LU Student

Details: 

IT Security has become aware that users are receiving an email impersonating a Liberty University Professor informing them of a position that is available at Liberty University, Department of Industrial & Systems Engineering for student researchers, and requesting users to text a Cell Number. This is not a real email from Liberty University. If you receive this email or a similar email, please report it immediately. Do not reply to the email, open any attachments, or click any links.

Example:  Click images to enlarge


Title:  Scholarship scam

Date:  July 2023

Source:  Reported by LU employee

Details: 

IT Security has become aware that users are receiving an email impersonating Liberty University informing them they have been awarded a scholarship and requesting the user to email “liberty.university@mail-on.us”. This is not a real scholarship award from Liberty University. If you receive this email or a similar email, please report it immediately. Do not reply to the email, open any attachments, or click any links.

Example:  Click images to enlarge


Title:  Work Study Scam

Date:  July 2023

Source:  Reported by an LU student

Details: 

IT Security has become aware that users are receiving emails offering a work study position with Dominique Martin. This is not a real job offer. If you receive this email or a similar email, please report it immediately. Do not reply to the email, open any attachments, or click any links.

Example:  Click images to enlarge


Title:  Canvas Fake Job Scam

Date:  December 3, 2022

Source:  Reported by LU Employees

Details: 

IT Security has become aware that some students have received a phishing email through Canvas prompting users to click on a link to view more information about a job opening. This is not a real offer. Please do not reply or click the link, and delete the message immediately.

Example:  Click images to enlarge


Title:  Writing Assistance Scam

Date:  October 21, 2022

Source:  Reported by LU Employees

Details: 

IT security was informed of a email phishing scam, offering writing assistance sent through notifications@instructure.com. This email claimed it would write papers for students and prompted users to respond with their personal email or WhatsApp number. Please do not ever open suspicious links or files that you are not expecting. Please do not reply to any emails from notifications@instructure.com, you may report all suspicious emails using the report button located in Outlook.

Example:  Click images to enlarge


Title:  Malicious Sharepoint Share

Date:  August 31, 2022

Source:  Reported by LU Employees

Details: 

IT security was informed of a email phishing scam, regarding a Sharepoint file that was sent through no-reply@sharepointonline.com. This file was claimed to be apart related to Accounts Payable, and is a survey prompting for the Users role in the university and their password. Please do not ever open suspicious links or files that you are not expecting, even if they are being sent through no-reply@sharepointonline.com. Report all suspicious emails to scams@liberty.edu or via the PhishER report button located in your Outlook App.

Example:  Click images to enlarge


Title:  Smishing (SMS Phishing)

Date:  July 19, 2022

Source:  Reported by LU Employees

Details: 

IT Security has been made aware of a new smishing scam to be on the lookout for. This scam purports to be from VPs of Liberty and requests the user to handle a request. However, this notice is not legitimate, and comes from the following phone number 720-358-7447, this number could change. Please disregard this text message and block the number if you receive it, do not respond. Do report the SMS message to IT Security at ITSecurity@liberty.edu with a screenshot of the text and phone number if possible.

Example:  Click image to enlarge


Title:  SharePoint Spoofing Phishing Scam

Date:  June 17, 2022

Source:  Legitimate External Users have been compromised

Details: 

IT Security has been made aware of a new email scam to be on the lookout for. This scam purports to be from SharePoint saying you have received a new document or FAX that contains sensitive information. However, this notice is not legitimate, and comes from a spoofed, or impersonated email address.

Example:  Click images to enlarge


Title:  PayPal Phishing Scam

Date:  May 31, 2022

Source:  Threat Intelligent Resources Reports

Details: 

IT Security has been made aware of a new email scam to be on the lookout for. This scam purports to be from PayPal and advises that your account has been restricted and you must take action to continuing using the service. However, this notice is not legitimate, and comes from a spoofed, or impersonated email address. The email has a link that would take you to a page on a non-PayPal domain but has many interface elements designed to look like a legitimate PayPal site. This site appears to log you in but asks many invasive questions for the purposes of committing identity theft; asking for things like residential and credit card information, as well as social security numbers.

Example:  Click images to enlarge


Title:  Covid Test Email

Date:  December 8, 2021

Source:  External Email

Details: 

There has been an influx in phishing campaigns that are targeting US universities. The attack begins with an email pretending to contain information about the new Omicron variant, COVID-19 test results, additional testing requirements, or educational program changes. These emails urge you to click on an attached .HTM file, which will take you to a cloned login page for the university’s login portal. DO NOT click or download the file and report the email immediately.

Example Email: 


Title:  Internal Phish – Voicemail

Date:  September 30, 2021

Source:  Compromised Internal User

Details: 

There has been a recent uptick in lateral phishing attempts that are being sent internally from accounts that have been compromised accounts. The email informs users that they have a voicemail(s) waiting in their Microsoft Inbox.

Liberty University voicemail system does not send emails like these.

Example Emails: Click images to enlarge


Title:  Payments Scam

Date:  September 10, 2021

Source:  Outlook Email

Details: 

There are reports of an email going around regarding attached payments that have been processed. Do not click the PDF attachments. They are links to a fraudulent login page.

Please report these emails when you receive them. Check out Protecting Yourself From Scams & Phishing for more information on how to report an email.


Title:  Voice Message Scam

Date:  September 9, 2021

Source:  Outlook Voice Message

Details: 

There are reports where members of Liberty University are receiving emails with a link to a voice message. Do not click the link. It leads to a fraudulent login page asking for your username and password.

Please report these emails when you receive them. Check out Protecting Yourself From Scams & Phishing for more information on how to report an email.


Title:  Loan Phone Scam

Date:  May 27, 2021

Source:  Scam Phone Calls

Details: 

There have been reports of students receiving phone calls from a group claiming to be Liberty University, stating they need financial aid information and LU account information in order to review the user’s loan(s) and ensure that the loan(s) or the loan deferment is processed correctly.

Helpful Tips: 


Title:  Notification of New Message

Date:  May 29, 2021

Source:  External Email – janita.pirhonen@aalto.fi

Details: 

The newest phishing email has a date that changes each time an email is sent out. The sender appears as “liberty Support” with a Liberty University recipient.

Example: Click images to enlarge


Title:  SMS HR Phish

Date:  March 19, 2021

Source:  SMS(Text Message)

Details: 

A few have reported receiving a text message claiming to be HR with Liberty University and want to interview them. If you reply, you will be provided a phishing link. See the example text messages below.

Example: Click images to enlarge

Statement from HR:

HR communicates with employment candidates via their email address or a phone call to the number listed on their application submitted in HR Job Tools, but we do not send text messages. If someone suspects that a communication is not legitimate, they can contact HR@liberty.edu to confirm whether it was from HR or not.


Title:  Shaun Staffen sent you some files

Date:  January 25, 2021

Source:  [External Email] Dropbox Email Address, no-reply@dropbox.com

Details: 

Dropbox transfer was used to users download “PO-09507 333.pdf” which when opened requests the user access the document through OneDrive by clicking on the link within the PDF Example/Content screenshot attached. IT Comms please block out individual user information.

This phishing attempted utilizes Dropbox to evade being blocked, when users open the dropbox link they are prompted to download the malicious PDF document.

Example: Click images to enlarge


Title:  Quarantine Report Spoof

Date:  December 22, 2020

Source:  [External Email] Spoofing Individuals’ LU Email

Details: 

Scammers are using a spoof of the quarantine report to phish users into clicking a malicious link embedded in the email, stating:

You have new held messages.

Liberty has prevented the delivery of 9 new emails to your inbox because it identified these emails as spam.

View Emails

Example:


Title:  Available, Urgent Request Email

Date:  November 13, 2020

Source:  [External Email] LU_Username.liberty.edu@gmail.com

Details: 

The scammer is sending emails with a Display name that matches users here at Liberty University, most of the time upper management. These emails are being sent to members of that person’s department, asking:

“What number can I text you at?”

Example:


Title:  Deactivation Phishing Email

Date:  October 20, 2020

Source:  [External Email]

Details: 

IT Security is aware of a phishing email received by many Liberty University mailboxes and is working to mitigate it. This phishing email contains a very simple message:

“To all Liberty University Faculty, Staff and students: Your LU Email account information needs to be updated in the database system to avoid deactivation. Click [the phishing link] to update.”

Please remember that official Liberty University communications will not send this sort of message, and any alerts related to your LU email or login account status will be displayed in your browser or app at sign in.

Example:


Title:  Missing/Pending Package Text Message

Date:  August 25, 2020

Source:  [Text Message/SMS]

Details: 

Recently, several members of the Liberty University community have reported receiving a text message advising of a lost or pending package and provides a link which is indicated to be used to claim the package. Please be aware that this message is not associated with Liberty University Postal Services, or any other postal or delivery service.

In the IT Security team’s investigation, it was determined that the link in the text would take the recipient to a variety of surveys that could be used to reveal personal information. While not precisely a phishing scam, it is a message that uses a sense of urgency mislead the recipient to access a potentially dangerous website.

Please note that if Liberty University Postal Services has received a package that is awaiting pickup, you will instead receive a notification email. If you receive this text message, or a similar message, please disregard it, and you may safely delete and or block the sender.

Example: 


Title:  Malware Attacks with Email Attachments

Date:  July 23, 2020

Source:  [External Email]

Details: 

Help protect the Liberty University community and yourself from cyber threats by being vigilant when using email.

Cybercriminals will try to trick you into downloading a malicious attachment from an email. This will allow malware onto your device, causing serious damage to your data and files and stealing your account credentials and other sensitive information.

Recently, the Liberty University IT Security team has seen an increase in the amount of email threats using this method. While we believe that these attempts have been blocked, we feel it is important to equip our community to recognize these attempts in the event that one slips past our filters, or you encounter one in a personal, non-LU email account.

Common things to look out for:

  • Unexpected emails including an attachment, but the individual doesn’t say much about what the attachment is or why you are receiving it. For example, a blank email
  • Emails that have a sense of urgency, but they reference interactions (such as sales, orders, or invoices) that you haven’t had, or with organizations that you aren’t familiar with.
  • Emails with fake or “spoofed” sender addresses, where the email says it’s from one account, but it’s actually from another one.
  • Emails that have a subject line that is only your name as it appears in the email directory. For example: “Subject: [External] Lastname, Firstname Middlename (Department)”
  • Emails that have “[External]” in the subject line at the beginning. Just remember these emails did not come from Liberty University, even if it looks like it might have come from an LU email address.

If you believe you have received one of these emails or attachments, we recommend reporting it to Office 365. Please see the article, How can I stay safe against phishing and email scams , for further information.


Title:  Impersonating Supervisors/Directors

Date:  May 10, 2020

Source:  [External Email]

Contents: 


Title:  Fraudulent Email Warning: Bitcoin Sextortion

Date:  April 22, 2020

Source:  [External Email]

Details: 

Please be aware of a vicious phishing email message that is circulating with the attempt to extort money from recipients by using threats and shaming tactics.  The messages are luring victims to send Bitcoin currency to the sender by threatening to release compromising photos or videos involving the recipient, known as sextortion.

In an attempt to increase the perceived legitimacy of the scam, they usually include a password that may have been associated with your account, but these often are collected from previous unrelated data breaches.

Examples of these messages are below: Click images to enlarge

If you receive a similar message, we recommend you take the following actions:

If you have been a victim of a sextortion scam and have paid the Bitcoin ransom, immediately report it to the Liberty University Police Department (www.liberty.edu/police).


Title:  [youremailaddress]@liberty.edu fails-to-deliver

Date:  April 2, 2020

Source:  I T helpdesk.<——–@columbus.k12.oh.us> (exact address removed for privacy reasons)

Details:  Several emails were sent claiming to be from an “IT Service Desk” advising that several recent emails failed to be delivered.  This email also included a PDF file that could potentially have malicious code in it.

Contents:


Title:  “Package pending delivery” text scam

Date:  April 1, 2020

Source:  SMS Text Message

Details:  A suspicious text message with a web link was received advising that the recipient had a package pending for delivery.  After inspection of the site in the URL, it was determined that the site was hosting a fraudulent survey claiming to offer a free iPhone in return for information about your Liberty University experience.

Contents:


Title:  FINAID STATUS ALERT

Date:  February 21, 2020

Source:  USER@miners.utep.edu

Contents:


Title:  Payroll Notification

Date:  February 21, 2020

Source:  USER@ufl.edu

Contents:


Title:  your libertyID suspended

Date:  February 7, 2020

Source:  ITfeedback [itfeedbacks@xidtechnology.apac.microsoftonline.com]

Contents:


Title:  Quick Response

Date:  January 10, 2020

Source:  Gmail Account Disguised as LU Faculty Addresses

Contents:


Title:  Sevice Update…

Date:  December 18, 2019

Source:  Liberty Support-Team (vcgte@cnhldn.com)

Contents:


Title:  Help Desk

Date:  November 19, 2019

Source:  IT Help Desk

Contents: