Job scam alert from compromised MUnet account


Over the past few days there has been an increased number of Marshall University user account compromises. The attack often takes the form of a job offer with a link to a Google form that asks you to enter your username and password along with your phone number. Once the attacker has your login credentials, they will text you, telling you that your MU account will be disabled unless you reply with a “verification code”. This verification code is the MFA alert triggered by the attacker logging in. If the MFA code is provided to the attacker, they will then have full control of the account. Once the threat actor is in our email system, they will start sending out phishing messages from your account to our users. The ultimate goal of the threat actor is to obtain your banking information as a way to “pay” you for a job offer.

Things to look out for:

• Do not reply to the text message. The person you are talking to is trying to trick you into giving them your MFA code. If you are contacted by this person, they likely already have your password. You can change your password by going to Self-Service Password Reset (marshall.edu).
• If you receive an email about a part-time job/temp position that contains the text “Copy and paste the URL Below into the address bar of your web browser to submit application: ( shorturl.at/xxxx )”, do not go to the URL. If you receive a message like this, forward the message to phishing@marshall.edu or use the Report Message > Phishing function in Outlook.
