A phishing email impersonating Loyola President Jo Ann Rooney was sent to some Loyola students and staff, according to Jim Pardonek, Loyola’s information security officer.
The email, which includes a Loyola logo and a photo of Rooney, claims to include information from Rooney for users to look at and asks users to click a link for more information. In an email sent to Loyola email users Monday, Pardonek said it was designed to coerce users into providing their login information on a website designed to look like an official Loyola site.
Pardonek warned students and faculty not to click any links in suspicious emails, and to contact Loyola Information Technology Services office if they clicked the links or notice suspicious activities on their accounts.
Loyola email accounts have been plagued with phishing scams similar to this since at least June 2017, when a wave of phishing emails targeted thousands of users. Thousands of accounts were later found to have been compromised in those scams, and the emails have continued to target Loyola accounts.
Such scams are difficult to stop once they’ve started because they gain more users’ information every time someone clicks one of the malicious links, Pardonek said in November. While Pardonek said Loyola could fight the scammers using a system called two-factor authentication, which requires users to verify their identities two ways before being allowed to use an account, he has said there aren’t plans to implement such a system any time soon.