Lehigh University logo
Library and Technology Services logo

Protect your Lehigh computing account from phishing email messages

Dear Members of the Campus Community,

In the past year there has been an exponential increase in the number and sophistication of cyber attacks and crimes committed globally on the internet. Lehigh University is not immune to these cyber attacks and we have seen a significant increase in persistent cyber threats and malicious activity targeted at our community.

In the past two weeks there have been several phishing emails sent to students, faculty, and staff asking us to reestablish or update our logon credentials. We are seeing a significant increase in email phishing campaigns and your username and password provides attackers access to valuable electronic resources, services, and private information, thus your logon credentials are often the target of phishing attempts.

As we head into Spring Break and you may be preparing to travel, Library and Technology Services (LTS) and the Office of Information Security urges you to be vigilant in protecting your Lehigh computing account logon credentials.

Use extreme caution when you receive email messages about Lehigh Help Desk, email, LTS, or Lehigh-related services and take these actions:

  • DO NOT rush to provide your credentials. Confirm that the message is legitimate and not a fake message attempting to steal your credentials or download malware on your computer or mobile device.
  • ALWAYS verify that the message is from an authoritative Lehigh (lehigh.edu) sender. Internal emails often originate from already compromised accounts, so be sure that the URL of any link within the message is actually linking to a "lehigh.edu" address.
  • IF YOU DO ACCESS a site and begin typing your password and it is showing up on screen in the form... STOP! This is an insecure website and will NEVER be used for a legitimate logon.
  • GET HELP. In making any decision on an email or website requesting your credentials, you can ALWAYS forward the email, web link, or call Lehigh Help Desk (helpdesk@lehigh.edu 610-758-4357) or Information Security (security@lehigh.edu 610-758-3994)

In addition to being extra vigilant about websites requiring Lehigh logon credentials, be on guard with any requests for personally identifiable information (PII), such as Social Security number, birth date, credit card information, or passwords. We strongly recommend that you never send this type of information in email. Examples of recent phishing messages are available at: https://lts.lehigh.edu/phishing/examples

Thank you for doing your part to protect the university's systems and data.

Bruce M. Taggart, Ph.D.
Vice Provost
Library & Technology Services

Keith K Hartranft, CISSP, CISM, PCI-DSS ISA & PCIP
Chief Information Security Officer
Library & Technology Services