...
It is important to note that neither KITS nor IS&T will ever ask for your password or send an unprompted email to you with a direct link to reset your password, and you should never share your account credentials via voice or text with anyone. In cases like this, if it looks suspicious, it almost certainly is and we do ask that you forward these to ki-help@mit.edu and phishing@mit.edu as an attachment so we can follow up with the IS&T Security Team. If you are an Outlook user, you can also report these directly from the Phish Alert button in the app.
The MIT Community is a popular target for scammers and phishing attempts, and our attackers have several strategies they employ to try and trick recipients. These may include downloading malicious attachments, clicking links that advise you to change your password through fake login pages, requesting your password via plain text or phone, or pretending to be from IS&T’s Service Desk, Microsoft Support, Google Support, or Apple Support via email or phone in an attempt to work with you via remote session and gain access to your computer.
...