Duke ITSO Alerts

Reports are coming in this afternoon of a 2 new phishing attacks with the subject lines:  "New Message" and "HELLO". While slightly different in wording, and different target destinations, both links ultimately redirect to the same OWA cloned login page. See a copy of the messages below:

 

and

 

The target destination of each (either directly linked or redirect) points to a cloned Exchange/Outlook Web App (OWA) login page:

 

 

If you received the message, clicked the link, and supplied credentials, please notify the OIT Service Desk at 919.684.2200

The Information Security Offices at Duke are receiving multiple reports this morning of a new phishing attack. A screen capture of the email is shown below:

Visiting the "Download voice mail" link delivers a zip file containing malware, without presenting a website.

We ask that anyone who receives this message, clicks the link, and supplies credentials to immediately notify the OIT Service Desk at 919.684.2200 for assistance.

The Information Security Offices at Duke are receiving multiple reports this morning of a new phishing attack. A screen capture of the email is shown below:

 

 

Visiting the link referenced in the message above takes one to the following (non-Duke) hosted login form:

 

 

We ask that anyone who receives this message, clicks the link, and supplies credentials to immediately notify the OIT Service Desk at 919.684.2200 for assistance.

The ITSO has received multiple alerts of a Phishing email that is being circulated throught the Duke community. This email claims to be from Duke Library Services, the link in the email redirects to a clone of the Duke Library website. If you have recieved this email, clicked the link, and provided credentials we recommend you contact the OIT Service Desk ASAP to reset your account password and update your information. The OIT Service Desk can be reached at 919-684-2200.

This screenshot of the email shows that the URL in the email redirects to another URL.

_____________________

The screen shot below shows the cloned Duke Library website. Notice that the site is hosted on a non-Duke domain, cacu.tk.

The ITSO is investigating reports of a new phishing attack targeting the Duke community. Multiple reports have been received regarding multiple messages being received with the subject line: "1 New Message". A screen capture of the message is seen below:

 

 

The target destination seen above is obviously a non-Duke domain. When clicking this link, you are in fact redirected to yet another non-Duke domain which is hosting a cloned Exchange / Outlook Web App (OWA) login page (see below):

 

 

Please contact the OIT Service Desk immediately at 919.684.2200 if you have received a message similar to the one above, clicked the link, and supplied credentials to the form.

The ITSO has receive a report of the following phishing attack purportedly from the "IT Help Desk":

 

 

A screenshot of the hosted form can be seen below (the site has been reported and should be taken down very soon):

 

 

Anyone that received the message, clicked the link, and supplied credentials should immediately notify the OIT Service Desk at 919.684.2200

The ITSO has received notifications of a Phishing email that seems to be circulating through the Duke community. The email looks to be from a Duke email address and it routes you to a page that is made to look like Dukes' login page. If you received this email, clicked on the link and provided your NetID and Password then we recommend you contact the OIT Service Desk immediately so that they may assist you in updating your information. OIT Service Desk can be contacted @ 919.684.2200 or at The Link Service Desk in lower level 1 of Perkins Library.

 

 

Note that the link in the email above forwards to the page below. This page is hosted at wix.com instead of duke.edu.

 

At least one report so far this morning of a new phishing attack, purportedly related to Blackboard (see message screen capture below):

 

 

As seen above, the destination URL of the "Click Here" link points to a non-Duke hosted site (see below for a screen capture of the hosted form/login page):

 

 

Anyone who has received this message, clicked the link, and supplied login information should immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Reports of a new Duke targeted phishing attack began coming in shortly after lunch this afternoon. The message is captured below:

 

 

The target of the link above points to what appears to be an Exchange/Outlook Web App login screen. Notice the landing page reflects the verbage "exchange.duke.edu" yet the site is actually hosted on a .nz domain:

 

 

Anyone that received this message, clicked the link, and supplied credentials to the page above should notify the OIT Service Desk at 919.684.2200 immediately.

The ITSO has received multiple notifications of a Phishing email in the Duke Community. This email is constructed very well in an attempt to steal you login credentials. Please be aware this email is malicious and should be discarded if received. If you received the email, clicked the link and submited your username and password then we recommend you contact the OIT Service Desk immedaitley for assistance with updating your account information, they can be reached at 919.684.2200.

Note the URL in the email links to a website hosted at "1edu.in" and not at "duke.edu".

The URL above redirects to the url show in the image below  which is hosted at "login1.in" and again not "duke.edu". Also note the spelling of OIT "oiit", we have also seen another variation of this same attack hosted at shib.oit.edu/login1.

Pages