POSSIBLE ACCOUNT TAKEOVER in an Email Subject Line

Revision as of 14:50, 23 January 2023 by Phil (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

If you get an email from the MAILER-DAEMON@johnshopkins.edu email address with the text "POSSIBLE ACCOUNT TAKEOVER" in the subject line, here's what you need to know:

This is an anti-phishing mail filter from the JHU mail system, albeit somewhat confusingly-worded.

This email means that a different email to your JHU email address looked like a phishing email. The email message that triggered the alert will be attached to the email in a file named OriginalMessage.txt.

It is important to note that the email does not necessarily mean your account has been compromised. It means that someone tried to compromise your account by sending you a phishing email in the hopes that you would enter your account name and password into the attacker's website. As long as you have only used your password on official JHU and CS login websites and SSH hosts, your account should be safe. (If you are concerned that your account credentials may have been leaked, please see Changing Passwords On The CS Linux Systems for a CS account or Contacting JHU IT Support for a JHU account.)

This email is only generated when the JHU mail system thinks the phishing email came from another JHU system; you should never see it as a result of email that came directly to your JHU email account from outside Hopkins. The most common source of this email is when you have forwarded your CS email address to your JHU email address. In that case, phishing messages may be forwarded, too (though our spam filtering blocks many of them), and will trigger the response from the JHU mail system.