ALERT: Active Phishing Campaign

  • Published: Tuesday, Aug. 17, 2021

Our Cybersecurity Operations Team sent this alert out through our cybersecurity listserv today.

Please be advised that we have received reports of compromised email accounts that are now being used to send phishing emails asking the recipient to log into a fake page for the purpose of stealing credentials. The email may come from a known sender and pass through the DKIM/SPF safeguard. The sender will want to share a document with you, and when you click on the link it will request you to log in.

These credentials are then stolen and used to phish other victims.

If you receive such an email, stop to ask yourself: Was I expecting something from this sender? If not, verify the identity of the sender and the request by composing a separate email to the sender.

Remember, NEVER click on a link that will request a sign in. Always go directly to the site by opening a browser and typing in the URL.

If you fall victim to this attack, change your password immediately. If you use that same password anywhere else, change it there too. It would also be a good idea to run an anti-virus scan on the user's device.

Best practices:

  • Use strong passphrases. The longer, the better.
  • Use unique passphrases for each app/site.
  • Never click on links that redirect to a login page.
  • Never respond to requests for money, gift cards or other critical data requests without first verifying the request in person.
  • If you receive a suspicious email, follow your organization's reporting procedure. Chances are more than one of you received the same thing.

Please contact MOREnet Cybersecurity, [email protected], if you have any questions or concerns.