Johns Hopkins University processes a lot of information regarding its students, staff, and faculty. Much of what we do – whether in education, patient care, benefits administration, or research and operations – demands that we protect sensitive information.

So JHU employees need to be especially wary of a very common and widespread scam called “phishing.” Phishing is a technique that identity thieves use to obtain sensitive information (including user names, passwords, social security numbers, bank account numbers, and credit card numbers).

It works like this:

  • A person receives an email that appears to be from a legitimate company or person (for instance, a bank, a credit card company, an auction site, or an IT Administrator).
  • The email usually indicates that there is a problem with the person’s computer or account, and urges that person to click on a link included in the email and rectify the problem.
  • If the person clicks the link, he or she will arrive at a website that looks legitimate, but is actually a fraudulent site created by the identity thieves.
  • Once there, the person will be asked to enter sensitive information. If the person enters this information, it can then be used by the thieves to make illegal purchases and commit fraud.

So what should you do if you receive a suspicious email or fall victim to phishing? JHU recommends the following…

Should you receive an email message you suspect is a phishing scam, please forward it to and then promptly delete it. Do not follow its instructions.

If you have already entered your JHED credentials in response to any message you suspect to be phishing, please go to the Johns Hopkins portal to change your password immediately. Contact the Help Desk at 410-516-HELP to report the incident.