���ϳԹ���

• Home
• IT Services
• Account Security Guidelines

Account Security Guidelines

General Guidance:

All official ���ϳԹ���University communications originate from @shepherd.edu email addresses. ���ϳԹ���will not use @rams.shepherd.edu addresses to communicate. ���ϳԹ���also does not use @gmail.com, @yahoo.com, or any other generic email addresses for official communications.

���ϳԹ���University will never email or text you requesting personal information.

The “display name” of the sender is not an indicator of validity: always check the sender’s email address to identify the origin of the email.

If you are ever in doubt regarding the validity of an email or other digital communication relating to ���ϳԹ���University, contact the IT Services Desk:

itworkorder@shepherd.edu

304-876-5457

Our hours are Mondays – Fridays 8:00 AM – 4:30 PM

Email Security:

• ���ϳԹ���IT will never ask for your password or MFA codes. Do not, under any circumstances, provide this information to anyone.
• Your passwords, MFA codes, etc. are for you, and only you, to know.
• They do not serve their purpose if they are shared.
• If you receive emails and/or texts claiming to be from ���ϳԹ���IT and requesting personal information, be aware that this is a phishing attack. You should not respond. Instead, forward the communications to itworkorder@shepherd.edu for tracking and investigation.
• ���ϳԹ���IT will never email you threatening to delete or disable your account.
• Important: while IT Services has a number of security measures in place, ���ϳԹ���email accounts can still be compromised when the user falls for a phishing attack.
• Do not automatically trust emails from @shepherd.edu or @rams.shepherd.edu addresses.
• If the email itself is suspicious despite being sent from a ���ϳԹ���address, it may be phishing.

RAIL Security:

• Never provide your RAIL PIN to anyone.
• No one at ���ϳԹ���will ever ask you for it.
• If you are ever asked to provide your RAIL PIN, it is a phishing attack.

BankMobile Security:

• If you receive an email claiming to be from BankMobile, check that it originates from an email address with a BankMobile/BMTX domain.
• The sender’s email display name can be altered, so always confirm the email address is legitimate.
• BankMobile does not use @gmail.com or other generic email addresses for communication.
• Phishing emails relating to BankMobile may include a link that directs you to a spoofed BankMobile login page. These pages are designed to steal any login information you enter.
• It is always safest to navigate to your BankMobile account using the link on the in the Office of Finance section of the ���ϳԹ���website.
• Never provide your BankMobile account details to a third-party.
• If in doubt, always navigate to the BankMobile website itself before taking any account actions. Do not implicitly trust links sent to you via email.

If you are concerned about the security of your BankMobile account, contact their Resolution Team at 855-398-7260.

LinkedIn & other external platforms:

IT Services has received reports that ���ϳԹ���students are being approached on LinkedIn and other platforms by individuals looking to steal their personal information.

If you do receive a communication through any external platform referencing your affiliation with ���ϳԹ���University and which requests your personal information, be aware it is a phishing attempt.

Do not respond to these communications nor provide information.

PHISHING

Phishing Red Flags:

• Subject does not match content of email.
• Claims to be an official ���ϳԹ���communication, but sent using student address (@rams.shepherd.edu) or a generic email address (@gmail.com, @yahoo.com).
• Claims to be an official ���ϳԹ���communication, but signature/logos/names do not match.
• Sent at an odd time (i.e. 2am).
• Poor spelling, grammar, and punctuation.
• Hover your cursor over a link: phishing emails often disguise malicious links, but you can see the real link in the preview.
• Email includes an external form.
• Promises enticing incentives if you do what is requested OR Threatens punitive action if you don’t do what is requested.

Common Phishing Schemes:

• Job Offer –
• Typically promises high pay for little work.
• Often references personal shopping, assistant, etc.
• Offer is “too good to be true”.
• Account Deletion –
• Claims that you have multiple accounts or accounts with multiple institutions.
• Claims that your account will be de-activated due to graduation, transfer, etc.
• Requests confidential information to resolve the issue.
• Withheld Financial Aid Funds/Refund –
• Requests you complete some action or provide some information before funds are released.
• May reference a refund in an amount or at a time you are not expecting.
• Claims to be from the Financial Aid or Business Office, but does not originate from a @shepherd.edu address used by those offices.
• Claims to be from BankMobile but does not originate from a valid BankMobile/BMTX email.