Recurring Phishing Tactics
Email phishing attacks at ODU have used a few recurring ways to scam users, to steal credentials, or to deliver malware.
SCAMS: Recent scams have included some form of email impersonation, using the name of a trusted or senior associate at ODU, or using a topic designed to evoke an emotional response, such as a claim of an incorrect charge to a credit card or account. Once the individual responds, they may either buy some gift cards or be lured into a phone support scenario in which the scam is played out.
CREDENTIAL THEFT: Attacks use SharePoint or other familiar login page, including renderings of ODU’s Office 365 or ODU’s MIDAS/Monarch Key login page to trick the user into entering credentials. Once entered the credentials have been stolen.
MALWARE: Attacks use SharePoint files to host phishing links, inserting the malicious SharePoint link into a file rather than the email itself in attempts to bypass Office 365 built-in security protections.
Phishing attacks are designed to be visually indistinguishable from work-related emails that appear safe or are designed to evoke an emotional response before taking the time to notice the tell-tail signs of a phishing attack.
Here are some best practices to protect yourself from recent phishing attack techniques:
1. Be skeptical of any email subject line that capitalizes on buzzwords for workplace stress, like URGENT or ACTION REQUIRED, or that claim to make a large charge to your account, or that urge action on an emotional topic.
2. Be suspicious of URLs in the body of the email or in an attachment. Type in URLs to trusted websites versus clicking on links that may mask the true URL destination.
3. When presented with a login page, look at the URL to see if it is actually hosted by the service it is asking you to log into. If the URL looks unfamiliar, take precaution before proceeding.
4. If you receive an unexpected or uncharacteristic email from someone at your organization, contact them directly to ensure they actually sent it, especially those that ask if you are available for an urgent request.
5. If you enter MIDAS credentials, then realize it was a mistake, change your MIDAS credentials immediately and inform the IT Security Office via ITSHelp@odu.edu.
6. Use Two-Factor Authentication to protect your personal and ODU accounts.
7. If you receive a two-factor prompt, but you are not logging in to an ODU application, DECLINE the prompt. This is likely an indication that your account is compromised, and you need to change your MIDAS password.
For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing. Thank you for your continued diligence in maintaining a more secure ODU computing environment!
J. Douglas Streit, CISSP
Executive Director & CISO
IT Security & Planning
Information Technology Services
Old Dominion University
http://www.odu.edu/directory/people/j/jstreit
Posted By: John Streit
Date: Sun Aug 14 07:26:17 EDT 2022