Recent increases in successful phishing attempts at the College have tricked users into providing their Wellesley domain usernames and passwords. Despite several communications from LTS through various channels, some users continue to be the victims of these attempts.

When an individual’s user credentials are exposed, it not only exposes the personal information of that individual, but potentially compromises the privacy of several other users as well as sensitive College data. Information security is a collective, shared responsibility and each of us plays a critical role in following best practices outlined here.

Because of the seriousness of falling victim to phishing attacks, the College is instituting a mandatory security training requirement for any users who fall victim to phishing, effective immediately. The College has licensed an online security education system from SANS, a reputable information security organization, called “Securing the Human.” This online course is an excellent practical and engaging guide to best practices in protecting information. Users who are the victims of a phishing attack will be required to complete this course within 2 weeks after we identify the issue.

To: Faculty, staff, students
From: Ravi Ravishanker, CIO, LTS
More info: Computing Help Desk, x3333 (faculty-staff), x7777 (students), helpdesk@wellesley.edu