Why?

Information Security has identified this phishing scam being sent to WPI.edu email addresses.

Action Needed

If you received this message, DO NOT reply, click any links, open any attachments, or provide any personal information. If your account was compromised by responding to this message, please work with the IT Service Desk and Information Security teams to regain access. Any time that you receive a suspicious email, please forward it as an attachment to phishing@wpi.edu, or use the report button in Outlook and delete. 

Details

Screenshots of the malicious email are below:

Image of a phishing email with the following captions: The from address looks convoluted. Microsoft is based in the US, so an email from them ending with.es is odd. Subject line is from an external source and the word notifier is used in an unusual way. Long text mimics disclosure statements at other organizations.

    

Screenshot of an expiring password notification scam that is made to look like an official email from Microsoft.