Skip to main content


Repost Message will copy the article into draft mode and enable you to edit/change dates and information.
Do not change the dates of this posting because it will affect the original.

MCC Daily Tribune

Tech Alert: Beware of Medusa - Keep Your Accounts Secure

You probably read or heard that the FBI has recently issued alerts about Medusa ransomware threat. This attack is targeting Outlook and Gmail accounts with phishing emails. As always, be wary of links and attachments sent via email and text.

Experts recommend the following to help keep your accounts safe:

  1. Use long (at least 14 character) passwords. It is best to use a password manager to store passwords.
  2. Enable multi-factor authentication (MFA) on accounts.
  3. Use an authenticator app for MFA – do not use text (SMS) or voice for authentication.
  4. Keep your software up to date.
  5. Back up data and information in another drive.

Here are some red flags to look for in the sender's email to help identify phishing emails:

  • Is the request urgent? (I am in a meeting and can't get to this right now, so need you to do something for me as soon as possible!)
  • Does the request ask that you buy something, such as gift cards, that they supposedly will reimburse you for later?
  • Is the "from" email address @monroecc.edu or does it say something else like monroecc.edu@gmail.com?
  • Is there a phone number in the signature that looks nothing like an MCC phone number?
  • Is the warning banner on the email indicating it originated outside of the MCC email system?

The yellow warning banner is an additional clue to help you evaluate the email message. It says that the email did not originate in the MCC employee email system (@monroecc.edu). However, the presence or absence of the banner is not enough to tell you whether or not an email is phishy.

  • If the email contains the banner but appears to come from an @monroecc.edu email address, that tells you that it did not actually come from an internal employee email account. This is phishy!
  • However, don't assume that the absence of the banner guarantees it is authentic. Sometimes, particularly with sophisticated spearphishing scams, the emails get through without the banner even though they do originate outside. Check for the red flags above!
  • Finally, don't assume that just because there is a warning banner that the email is dangerous. If the email came from an external party (not from @monroecc.edu), then it should contain the banner.

Never reply to suspicious emails or provide your personal or MCC information. Do not pay for anything without independently confirming the request is from the person from whom it appears to be. In all cases, if you are unsure of the authenticity of an email, call the sender or send a direct email (not a reply) to verify.

Note!!  If you have clicked on anything within an email that you believe is phishing, call the Technology Support Line immediately

To contact Employee Technical Support, call 585-292-8324, option 3, Monday thru Friday, 8:45am to 4:45pm.

Ann Penwarden
Computing & Information Technology Services
03/20/2025