Beware this Outlook-based phishing scam
April 29, 2021
Screenshot of an email with the subject Password Expired

Information Systems and Technology (IS&T) warns community members to beware of an email asking you to “revalidate” your MIT password and threatening to suspend your Outlook access.

If you receive such an email, do not click on the Outlook Validation link! The link takes you to a very convincing fake Outlook Web App login page. However, if you hover over the link you will see that it does NOT take you to MIT’s actual Outlook Web App,

Please note that IS&T never sends password reset emails or asks you to revalidate your password. The IS&T article Counting the ways you can change your Kerberos password explains the only methods used for changing your password.

Remain vigilant

IS&T encourages individuals to be very careful about clicking on links or opening attachments in emails, and to never do so in unsolicited emails.

IS&T’s Security Team asks you to report any suspicious emails by forwarding the email as an attachment to

Additional resources

The IS&T article Learn how to avoid a phishing scam explains how to identify, avoid, and protect yourself against phishing scams.

The MIT Phish Bowl has examples of recent phishing emails targeted at MIT.

Read up on common email scams in the IS&T Knowledge Base.

If you receive an email you aren’t sure about, please don’t hesitate to contact the Security Team at