Duke ITSO Alerts

The ITSO is investigating reports of a new phishing attack targeting the Duke community. Multiple reports have been received regarding multiple messages being received with the subject line: "1 New Message". A screen capture of the message is seen below:

 

 

The target destination seen above is obviously a non-Duke domain. When clicking this link, you are in fact redirected to yet another non-Duke domain which is hosting a cloned Exchange / Outlook Web App (OWA) login page (see below):

 

 

Please contact the OIT Service Desk immediately at 919.684.2200 if you have received a message similar to the one above, clicked the link, and supplied credentials to the form.

The ITSO has receive a report of the following phishing attack purportedly from the "IT Help Desk":

 

 

A screenshot of the hosted form can be seen below (the site has been reported and should be taken down very soon):

 

 

Anyone that received the message, clicked the link, and supplied credentials should immediately notify the OIT Service Desk at 919.684.2200

The ITSO has received notifications of a Phishing email that seems to be circulating through the Duke community. The email looks to be from a Duke email address and it routes you to a page that is made to look like Dukes' login page. If you received this email, clicked on the link and provided your NetID and Password then we recommend you contact the OIT Service Desk immediately so that they may assist you in updating your information. OIT Service Desk can be contacted @ 919.684.2200 or at The Link Service Desk in lower level 1 of Perkins Library.

 

 

Note that the link in the email above forwards to the page below. This page is hosted at wix.com instead of duke.edu.

 

At least one report so far this morning of a new phishing attack, purportedly related to Blackboard (see message screen capture below):

 

 

As seen above, the destination URL of the "Click Here" link points to a non-Duke hosted site (see below for a screen capture of the hosted form/login page):

 

 

Anyone who has received this message, clicked the link, and supplied login information should immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Reports of a new Duke targeted phishing attack began coming in shortly after lunch this afternoon. The message is captured below:

 

 

The target of the link above points to what appears to be an Exchange/Outlook Web App login screen. Notice the landing page reflects the verbage "exchange.duke.edu" yet the site is actually hosted on a .nz domain:

 

 

Anyone that received this message, clicked the link, and supplied credentials to the page above should notify the OIT Service Desk at 919.684.2200 immediately.

The ITSO has received multiple notifications of a Phishing email in the Duke Community. This email is constructed very well in an attempt to steal you login credentials. Please be aware this email is malicious and should be discarded if received. If you received the email, clicked the link and submited your username and password then we recommend you contact the OIT Service Desk immedaitley for assistance with updating your account information, they can be reached at 919.684.2200.

Note the URL in the email links to a website hosted at "1edu.in" and not at "duke.edu".

The URL above redirects to the url show in the image below  which is hosted at "login1.in" and again not "duke.edu". Also note the spelling of OIT "oiit", we have also seen another variation of this same attack hosted at shib.oit.edu/login1.

The Duke ITSO has received notices of an email that may be going through the Duke Community. This email is a Scam and should be discarded if you receive it. This sort of Scam is an attempt to get you to give them your personal information eventually in an attempt to receive some sort of payment. If you replied to this email and received a response back with any information that may assist in identifying the source then we ask that you forward it to us @ security@duke.edu.

 

Reports have been received this afternoon concerning the phishing attack seen below:

As always, you should never send sensitive information like your password or SSN through e-mail, and no Duke employee or service will *ever* ask you for your password in an e-mail. If you've received this message and replied with Duke credentials, please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

Reports have been received this afternoon concerning the phishing attack seen below:

 

 

As indicated above, clicking the Link redirects to a non-Duke domain. In this particular case, that site then redirects to yet another non-Duke site configured to clone an Outlook Web App login page (see below):

 

 

If you've received this message, clicked the link, and supplied Duke credentials to the form, please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

The IT Security Office is receiving reports of a phishing attack aimed at Duke users.  If you've received a message similar to the one below, please be advised that it is a phishing attack and should be discarded immediately. If you've received the message, clicked the link, and supplied credentials, please immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Below is a copy of the email that has been sent out.


 

The link in the email forwards to a website that it not hosted at Duke, not the domain is creadoresenmovimiento.org instaead of duke.edu.

Pages