There is an active scam impacting colleges and universities nationwide, including institutions in our area.
What’s Happening?
Cybercriminals are using phone-based phishing (also called voice phishing or vishing) to trick individuals into revealing sensitive information such as passwords or multi-factor authentication codes. Be aware that malicious websites can be made to look like legitimate BC sites. These attacks often impersonate trusted university staff or IT support, and may sound urgent or authoritative.
How to Protect Yourself and Boston College:
- Never share your password or multi-factor authentication code with anyone over the phone, email, or text—even if the caller claims to be from BC ITS or another official department.
- Hang Up Immediately: If a caller creates a sense of urgency, asks for your password, or pressures you to act immediately, hang up. No legitimate organization will demand instant action for a sensitive security matter.
- Be Skeptical of Spoofing: Attackers can easily "spoof" phone numbers to make it appear as though they are calling from an on-campus office. The appearance of a BC phone number on caller ID, is not confirmation of legitimacy. Also be skeptical if you are asked to enter your password and multi-factor authentication codes into any website, as websites can also be spoofed.
- Report suspicious activity right away:
- Forward suspicious emails to phishing@bc.edu.
- Call the BC Help Center at 617-552-4357 to report suspicious text messages, phone calls or other contact methods.
If you think you may have accidentally shared information with a cybercriminal, don’t delay, contact security@bc.edu immediately.
Cybersecurity is a shared responsibility. Your caution helps protect your personal information, and the integrity of Boston College’s systems.