Recent Phishing Attacks
Over the past several months, the Office of Information Technology has seen an influx of fraudulent “phishing” messages, many of which appear urgent and are designed to trick account holders into clicking a link (or in some cases, replying to an email) and providing a username and password.
In most cases, these emails have been sent from other Marshall University account holders who have already been victims of these fraudulent messages and thus have had their accounts compromised. Once an account is compromised, a cyber-criminal then uses it to distribute more phishing messages to other MUNet/Office365 account holders.
Since the messages are coming from @marshall.edu or @live.marshall.edu addresses, the recipient is more likely to trust the sender and be tricked into clicking a link and logging in to what they think is a legitimate web page. Many of these web pages are designed to look like authentic Marshall University, Microsoft, or financial institution login pages, but are actually capturing credentials.
Prevention and Education
The IT department is doing its best to catch compromised accounts before more phishing messages can be distributed; however, the best way to protect yourself and others is to use caution when checking your email.
ALWAYS be suspicious of any unexpected email messages, regardless of the source, that include file attachments or web URLs, or that are written with a sense of urgency and require you to provide credentials or other personal information.
Below are a few examples of recent phishing messages. Notice that each includes hyperlinked text which, when the mouse is hovered over it, reveals a web address that is NOT a marshall.edu or microsoft.com address. Also, these messages have a sense of urgency and ask that the recipient verify information. Marshall University will never send you unsolicited email asking you to verify your password or personal information, nor will any other trusted organization.
If You Receive A Fraudulent Email
- (Optional) Report a suspicious email sent to your @marshall.edu or @live.marshall.edu email address by forwarding the message to firstname.lastname@example.org. You will receive an auto-reply confirming receipt of the message as well as additional instructions.
- Delete the message from your inbox
- As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however…
- If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304)-696-3200 / email@example.com.
Protecting Yourself From Email Fraud (AKA Phishing)
InfoSec Tips #7: Don’t Be Tricked