Duke ITSO Alerts

The Duke University IT Security Office has received multiple notifications of a recent Phishing email that is circulating through the Duke community. If you have received this email, clicked on the link and provided your username and password then we recommend that you contact the OIT Service Desk at 919-684-2200 and they can assist you in updating your information.

Below is the email that is being seen.

The link in the email redirects to a site that is hosted at gpgac.com.

Overnight and early this morning, Duke has seen an increase in reported phishing attacks. Screenshots of a couple of attacks are posted below:

 

If you receive a suspicious message, please forward the original message in it's entirety to security@duke.edu following the steps identified below:

1 - Open a new email in Outlook

2 - Address the new email to security@duke.edu

3 - Enter Subject "Suspected Phishing Email – Subject: New Upgrade"

4 - Drag & Drop the original email from your Inbox/Deleted Items folder into the body of the new email - This will create an attachment

5 - Send

 

This will facilitate a full forensic analysis of the origin and contents of the email.

 

As always, anyone who receives this type of message, clicks the link(s), and enters NetID/password should immediately contact the OIT Service Desk at 919.684.2200 for assistance.

 

Various reports are coming in this afternoon pertaining to a new run of phishing emails. The subjects are varied, though the majority contain the words "New Message" in the Subject line (variants include, but are not limited to:  Good Afternoon :- New Message AND DUKE :- New Message). A screen capture of one such message is seen below:

 

 

If you've received a similar message, clicked links, and supplied credentials to the hosted login forms, please notify the OIT Service Desk immediately by calling 919.684.2200

Reports are coming in this afternoon of a 2 new phishing attacks with the subject lines:  "New Message" and "HELLO". While slightly different in wording, and different target destinations, both links ultimately redirect to the same OWA cloned login page. See a copy of the messages below:

 

and

 

The target destination of each (either directly linked or redirect) points to a cloned Exchange/Outlook Web App (OWA) login page:

 

 

If you received the message, clicked the link, and supplied credentials, please notify the OIT Service Desk at 919.684.2200

The Information Security Offices at Duke are receiving multiple reports this morning of a new phishing attack. A screen capture of the email is shown below:

Visiting the "Download voice mail" link delivers a zip file containing malware, without presenting a website.

We ask that anyone who receives this message, clicks the link, and supplies credentials to immediately notify the OIT Service Desk at 919.684.2200 for assistance.

The Information Security Offices at Duke are receiving multiple reports this morning of a new phishing attack. A screen capture of the email is shown below:

 

 

Visiting the link referenced in the message above takes one to the following (non-Duke) hosted login form:

 

 

We ask that anyone who receives this message, clicks the link, and supplies credentials to immediately notify the OIT Service Desk at 919.684.2200 for assistance.

The ITSO has received multiple alerts of a Phishing email that is being circulated throught the Duke community. This email claims to be from Duke Library Services, the link in the email redirects to a clone of the Duke Library website. If you have recieved this email, clicked the link, and provided credentials we recommend you contact the OIT Service Desk ASAP to reset your account password and update your information. The OIT Service Desk can be reached at 919-684-2200.

This screenshot of the email shows that the URL in the email redirects to another URL.

_____________________

The screen shot below shows the cloned Duke Library website. Notice that the site is hosted on a non-Duke domain, cacu.tk.

The ITSO is investigating reports of a new phishing attack targeting the Duke community. Multiple reports have been received regarding multiple messages being received with the subject line: "1 New Message". A screen capture of the message is seen below:

 

 

The target destination seen above is obviously a non-Duke domain. When clicking this link, you are in fact redirected to yet another non-Duke domain which is hosting a cloned Exchange / Outlook Web App (OWA) login page (see below):

 

 

Please contact the OIT Service Desk immediately at 919.684.2200 if you have received a message similar to the one above, clicked the link, and supplied credentials to the form.

The ITSO has receive a report of the following phishing attack purportedly from the "IT Help Desk":

 

 

A screenshot of the hosted form can be seen below (the site has been reported and should be taken down very soon):

 

 

Anyone that received the message, clicked the link, and supplied credentials should immediately notify the OIT Service Desk at 919.684.2200

The ITSO has received notifications of a Phishing email that seems to be circulating through the Duke community. The email looks to be from a Duke email address and it routes you to a page that is made to look like Dukes' login page. If you received this email, clicked on the link and provided your NetID and Password then we recommend you contact the OIT Service Desk immediately so that they may assist you in updating your information. OIT Service Desk can be contacted @ 919.684.2200 or at The Link Service Desk in lower level 1 of Perkins Library.

 

 

Note that the link in the email above forwards to the page below. This page is hosted at wix.com instead of duke.edu.

 

Pages