What is happening?
- MSU IT has detected suspicious activity involving the creation of new Venmo accounts registered with some MSU email addresses
- In this case, an unknown cybercriminal group is creating fraudulent Venmo accounts using MSU email addresses
- If your MSU email address was used, you may receive an email from Venmo to verify the new account
What do I need to do?
- If your MSU email account does receive an unsolicited Venmo email informing you of the creation of a new Venmo account:
- DO:
- Contact the MSU IT Service Desk as soon as possible at 517-432-6200
- Contact Venmo support to report the fraudulent account and reference case #33959785 at support@venmo.com
- DO NOT:
- Click the activation button/link in the email
- Attempt to login to the account or add your financial institution to the account
- DO:
- As always:
- Know that MSU IT will NEVER ask for your password via phone or email
- Be wary of unsolicited phone calls and emails
- Knowledge is your best defense against online threats
What are we doing about this issue?
- The MSU IT Information Security team is monitoring potential threats and risks to the university as the situation evolves
- MSU IT is contacting potentially targeted individuals via email to create awareness
Was my MSU email address compromised?
- At this time, there is no reason to suspect that any NetIDs or MSU email addresses have been compromised
- The purpose of these fraudulent Venmo accounts is unknown, but cybercriminals often leverage these accounts to hide stolen money or recruit “money mules” using them
- Accounts are not connected to your financial institution unless you access the account and manually add it
- It is likely that targeted email addresses are found on open, public-facing websites (e.g., online staff bios or directories)
- As always, if you have questions or concerns, please call the IT Service Desk (517-432-6200) to report a security incident
