Duke ITSO Alerts

We've received one report of the following attack seen early this morning:

 

 

The target destination didn't appear to load and has likely been taken down by the hosting party. Nevertheless, if you see a similar message, be advised it is fraudulent and should be reported to your local Service Desk.

A second phishing attack has been reported this morning:

 

 

The link above points to the following hosted form:

 

 

The page has been reported for abuse. In the meantime, anyone who's received the message, clicked the link, and supplied info to the form should contact the OIT Service Desk at 919.684.2200.

The following phishing attack was reported this morning:

 

 

Luckily for Duke, the attackers neglected to enter the target URL correctly, leaving out a "-" which prevents the page from loading. The intended target form appears as:

 

 

We're notifying the hosting party, asking that the form be taken down ASAP. For questions, please contact the OIT Service Desk at 919.684.2200.

We've received multiple reports this afternoon from individuals that received the following phishing attack:

 

Investigation is underway and the hosting site has been notified to take the page offline. We ask all who received the message, visited the site, and provided Duke info to please contact the OIT Service Desk at 919.684.2200 immediately.

We're seeing multiple reports of phishing attacks purportedly from Verizon Wireless claiming the recipients' accounts have been locked. If you receive the following message, notice the "Sign in to My Verizon" link points to a non-Verizon related site.

 

 

Visiting the site takes you to a cloned page that may appear legit, though notice you are redirected once again to a non-Verizon site:

 

 

If you've attempted to authenticate to this site, you should immediately take action to update your account.

The following phishing attack has been reported this morning:

 

 

Notice the non-Duke sender and the non-Duke target destination of the "CLICK HERE" URL. That address directs you to the following form:

 

 

If you received the message, clicked the link, and provided Duke info, please notify the OIT Service Desk immediately at 919.684.2200.

Reports of the following phishing attack were received after business hours on Tuesday 2/4:

 

 

Looking at the message above, two key indicators that the message is fraudulent are 1) the non-Duke sender and 2) the non-Duke target URL. If you were to visit the target URL, you're presented with the following form:

 

 

We ask that if you received the message, clicked the link, and provided info related to Duke accounts, that you immediately contact the OIT Service Desk at 919-684-2200.
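The two indicators named above (a non-Duke sender and a non-Duke link target) can also be checked mechanically. The following is an added example, not ITSO tooling: the sample message, its `.example` domains, and the helper names are constructed for illustration, and it assumes a single-part, unencoded HTML body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "duke.edu"  # assumption: the domain legitimate mail and links use

# Constructed sample message (not one of the reported phish).
SAMPLE = '''\
From: "IT Help Desk" <helpdesk@mail-support.example>
Subject: Mailbox quota exceeded
Content-Type: text/html; charset="utf-8"

<p>Mailbox full. <a href="http://duke.edu.webmail-upgrade.example/form">CLICK HERE</a>
or see <a href="https://oit.duke.edu/help">OIT help</a>.</p>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain=TRUSTED):
    # Exact match or true subdomain, so "duke.edu.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def indicators(raw_message):
    msg, found = message_from_string(raw_message), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2]):
        found.append(("non-trusted sender", sender))
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes single-part, unencoded HTML
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not in_domain(url.hostname):
            found.append(("non-trusted link", f"{text} -> {url.hostname}"))
    return found
```

The suffix check in `in_domain` matters because a lookalike host can begin with `duke.edu.` while actually belonging to another registered domain.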

We've received word this morning of what appears to be a CS-targeted phishing attack. Anyone who received the following email should discard it immediately, or notify the OIT Service Desk if you visited the site and provided NetID credentials:

 

 

That bitly URL can be expanded to a Yolasite hosted form as seen below:

 

 

The form has been reported for abuse to be taken down as soon as possible. We're also blocking access to the site from university networks.

On Saturday, we saw a phishing attack purportedly from Duke HR tempting recipients with a message of a pay raise. If you received the following, please be advised that it was not a legitimate communication and should be discarded.

 

 

If you received the message, visited the link, and provided NetID credentials, please contact the OIT Service Desk immediately at 919.684.2200.

We received multiple notifications this morning about emails purportedly from Delta Airlines regarding a credit card purchase of tickets for an upcoming flight. In the two different messages seen so far, two different links are provided. The first link, supposedly pointing to the location to download and print off tickets, is in both cases pointing to non-Delta sites linking to .ZIP files suspected to contain malicious payloads. If you receive a message similar to either posted below, please disregard it immediately.

 

 

 

For anyone who has accessed the link, downloaded the .zip file(s), and tried to access, we ask that you please notify local support and/or the OIT Service Desk as we strongly suspect the payloads to contain malware.
