Active smishing campaign targeting TMU community members — do not click links in suspicious texts.

IT has identified a text message phishing campaign (“smishing”) using TMU branding to trick recipients into clicking a malicious link.

Actual fraudulent message received by a TMU community member

Screenshot of a fraudulent SMS message impersonating TMU. Recipient name has been redacted.

Note the link domain — TMU will never send compensation or benefits links from a third-party address like kvo1.io. All legitimate TMU links point to masters.edu. Recipient name redacted.

Never enter credentials on a link received via text

If any link — received by text, email, or any other channel — asks you to sign in with your TMU username and password or your Paycom login, do not proceed. Exit immediately and report it to IT.

Attackers frequently clone login pages for systems TMU staff use daily. Legitimate TMU systems will never ask you to authenticate via a link sent in an unsolicited text message.

● masters.edu login ● paycom.com login

If you are redirected to a login page for either of these systems from a text link, treat it as fraudulent regardless of how legitimate it appears.

Red flags to watch for


Link domain does not end in masters.edu

Any link sent by TMU systems will point to a masters.edu address. An external domain in a TMU-branded message is a definitive red flag — do not tap it.


Urgency around compensation, benefits, or account status

Attackers create pressure to act quickly. TMU HR and Payroll will never ask you to confirm sensitive information through an unsolicited text link.


A TMU email address appears in the text body

Displaying a legitimate-looking address like benefits@masters.edu at the start of a text is a common spoofing tactic. It has no bearing on who actually sent the message.


Shortened or unfamiliar URL

Shortened links obscure the real destination. If you cannot verify where a link leads before tapping it, do not tap it.


Login prompt for masters.edu or Paycom

Any page reached via a text link that asks for your TMU or Paycom credentials is fraudulent. Exit the page immediately without entering any information.

What to do if you receive a message like this

1

Do not tap the link

Even loading the page can expose your device to risk. Close and dismiss the message.

2

Do not enter any credentials or personal information

If you have already tapped the link but have not entered anything, exit the page immediately. TMU will never ask you to log in or confirm sensitive information through an unsolicited text.

3

Screenshot and report it to IT

Email servicedesk@masters.edu with a screenshot. Your report helps us track the campaign and protect others.

4

If you entered credentials, contact IT immediately

Do not use that device for institutional accounts (email, portal, Paycom, network drives) until IT has assessed it. If you entered your Paycom password, contact Paycom support as well. Early reporting greatly reduces potential impact.

5

Block and report the number on your device

Blocking the sender and marking it as junk helps mobile carriers identify and reduce smishing traffic for everyone.

Questions or concerns? We're here to help.

IT Service Desk

When in doubt, verify directly. If you are unsure whether a message claiming to be from TMU is legitimate, contact HR or IT before taking any action. TMU will never penalize you for pausing to verify. — IT Service Management & Security, The Master's University.