Denison ITS is aware of multiple, ongoing phishing campaigns. These are very active campaigns, and they are attempting to steal account information in order to steal financial and student data.

This attack is targeting students, faculty, and staff. These campaigns contain a form (typically a Google Form) that requests personal information, including personal email addresses and/or Denison account passwords. The contents of messages vary, but they originate from similar sources. Recent phishing message subject lines include:

• IMPORTANT NOTICE: Extra cash flexible gigs
• General System Maintenance 12 / 15 / 2025— Act Fast!
• Flexible, Part-Time Personal Assistant – $30/hour

As a reminder, NEVER send your password in an online form except for the Denison SSO page. You can verify the SSO page is real by looking in the address bar: the address should say identity[.]denison[.]edu. NEVER provide a multi-factor authentication (Duo) code that you didn’t initiate through SSO, especially over SMS or text message.

If you have any questions or suspect you may have provided information to the attackers, immediately contact the Service Desk.