Phishing scams use fraudulent emails to get users to reveal confidential information. Such emails usually look like they come from a legitimate organization such as Blackboard but contain links to illegitimate sites.
Blackboard has become aware of a mass phishing scam targeting customers using Blackboard Learn. To be clear, Blackboard Learn has not been hacked — these are emails sent directly from a spammer to emails it may have harvested by spidering the institution’s websites for email addresses.
Phishing Attempt Examples
See below for a few examples of phishing attempts. It is important to realize that the messages will vary.
Example 1: “Received New Mail”
Example 2: “New Course Information”
Purported Sender | Blackboard Learn <notifications@blackboard.com> |
---|---|
Email Subject | New Course Information |
Content |
Good Morning,
An important course form has been posted to you through the Blackboard Learning System. Please sign in immediately to view the form. Click here to sign in <–Link to malicious website Thank you, Blackboard Learn. |
Example 3: “Blackboard Learn: Important New Course”
Purported Sender | Blackboard Learn <email@blackboard.com> |
---|---|
Email Subject | Blackboard Learn : Important new course |
Content |
Dear Staffs/Students
Access to e-mail is about to expire, Please click on the link below to re-activate your account, please sign in to Blackboard system immediately. Click here to sign in to the Blackboard System <–Link to malicious website Thank You. |
Solution
- Notify your end users that these emails are phishing emails and to delete and disregard the emails.
- Do NOT go to the link in the email. Delete the email immediately.
- Please continue to send questionable messages to spam@jhu.edu. For immediate response, please call the Help Desk at 410-516-HELP.
More Information
For more information, see https://it.johnshopkins.edu/restricted/security/phishing.html.