• Home
• IT Services
• Account Security Guidelines

Account Security Guidelines

General Guidance:

All official Shepherd University communications originate from @shepherd.edu email addresses. Shepherd will not use @rams.shepherd.edu addresses to communicate. Shepherd also does not use @gmail.com, @yahoo.com, or any other generic email addresses for official communications.

Shepherd University will never email or text you requesting personal information.

The “display name” of the sender is not an indicator of validity: always check the sender’s email address to identify the origin of the email.

If you are ever in doubt regarding the validity of an email or other digital communication relating to Shepherd University, contact the IT Services Desk:

itworkorder@shepherd.edu

304-876-5457

Our hours are Mondays – Fridays 8:00 AM – 4:30 PM

Email Security:

• Shepherd IT will never ask for your password or MFA codes. Do not, under any circumstances, provide this information to anyone.
• Your passwords, MFA codes, etc. are for you, and only you, to know.
• They do not serve their purpose if they are shared.
• If you receive emails and/or texts claiming to be from Shepherd IT and requesting personal information, be aware that this is a phishing attack. You should not respond. Instead, forward the communications to itworkorder@shepherd.edu for tracking and investigation.
• Shepherd IT will never email you threatening to delete or disable your account.
• Important: while IT Services has a number of security measures in place, Shepherd email accounts can still be compromised when the user falls for a phishing attack.
• Do not automatically trust emails from @shepherd.edu or @rams.shepherd.edu addresses.
• If the email itself is suspicious despite being sent from a Shepherd address, it may be phishing.

RAIL Security:

• Never provide your RAIL PIN to anyone.
• No one at Shepherd will ever ask you for it.
• If you are ever asked to provide your RAIL PIN, it is a phishing attack.

BankMobile Security:

• If you receive an email claiming to be from BankMobile, check that it originates from an email address with a BankMobile/BMTX domain.
• The sender’s email display name can be altered, so always confirm the email address is legitimate.
• BankMobile does not use @gmail.com or other generic email addresses for communication.
• Phishing emails relating to BankMobile may include a link that directs you to a spoofed BankMobile login page. These pages are designed to steal any login information you enter.
• It is always safest to navigate to your BankMobile account using the link on the in the Office of Finance section of the Shepherd website.
• Never provide your BankMobile account details to a third-party.
• If in doubt, always navigate to the BankMobile website itself before taking any account actions. Do not implicitly trust links sent to you via email.

If you are concerned about the security of your BankMobile account, contact their Resolution Team at 855-398-7260.

LinkedIn & other external platforms:

IT Services has received reports that Shepherd students are being approached on LinkedIn and other platforms by individuals looking to steal their personal information.

If you do receive a communication through any external platform referencing your affiliation with Shepherd University and which requests your personal information, be aware it is a phishing attempt.

Do not respond to these communications nor provide information.

PHISHING

Phishing Red Flags:

• Subject does not match content of email.
• Claims to be an official Shepherd communication, but sent using student address (@rams.shepherd.edu) or a generic email address (@gmail.com, @yahoo.com).
• Claims to be an official Shepherd communication, but signature/logos/names do not match.
• Sent at an odd time (i.e. 2am).
• Poor spelling, grammar, and punctuation.
• Hover your cursor over a link: phishing emails often disguise malicious links, but you can see the real link in the preview.
• Email includes an external form.
• Promises enticing incentives if you do what is requested OR Threatens punitive action if you don’t do what is requested.

Common Phishing Schemes:

• Job Offer –
• Typically promises high pay for little work.
• Often references personal shopping, assistant, etc.
• Offer is “too good to be true”.
• Account Deletion –
• Claims that you have multiple accounts or accounts with multiple institutions.
• Claims that your account will be de-activated due to graduation, transfer, etc.
• Requests confidential information to resolve the issue.
• Withheld Financial Aid Funds/Refund –
• Requests you complete some action or provide some information before funds are released.
• May reference a refund in an amount or at a time you are not expecting.
• Claims to be from the Financial Aid or Business Office, but does not originate from a @shepherd.edu address used by those offices.
• Claims to be from BankMobile but does not originate from a valid BankMobile/BMTX email.