Duke ITSO Alerts

We've received a few reports of the following phishing attack:

 

 

 

The "LOGIN" link above redirects to the following non-Duke hosted form (used to steal credentials):

 

 

If you've received the message shown above, clicked the "LOGIN" link, and supplied credentials to the form, please immediately notify the OIT Service Desk at 919.684.2200.

See below for a newly reported phishing attack targeting Duke:

 

 

The "CLICK HERE" link seen above redirects to the following form:

 

 

The form has been reported for abuse and will hopefully be taken down as soon as possible. In the meantime, anyone who receives the message, clicks the link, and supplies credentials should immediately notify the OIT Service Desk at 919.684.2200.

Reports of a BlackBoard-associated phishing attack have been circulating across campus this afternoon. If you've received a message similar to the one below, please be advised that it is an attack and should be discarded immediately:

 

 

As indicated above, the redirect points to a non-Duke domain hosting the form seen below:

 

 

 

Again, this is a fraudulent message and is not a valid BlackBoard login page. If you've received this message, clicked the link, and supplied credentials, please notify the OIT Service Desk immediately by calling 919.684.2200.

Another phishing attack has been reported this morning. See the message below:

 

 

The "LOGIN" link above takes you to the non-Duke page seen below, an intentional clone of the University WebMail/Email Access page:

 

 

 

If you've received this message, clicked the link, and provided Duke credentials, please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

 

 

Multiple reports of the following phishing attack have been received this morning (screenshot of the message below):

 

 

As identified in the picture above, the target destination of the URL "CLICK HERE" is a non-Duke domain. Clicking the link takes you to the following page:

 

 

 

As always, if you've received the message, clicked the link, and supplied Duke credentials, please immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Reports of the following phishing attack began coming in during lunch:

 

 

The URL in this message points to a non-Duke domain hosted in Hungary (see screenshot below):

 

 

If you've received this message, clicked the link, and supplied credentials, please notify the OIT Service Desk immediately by calling 919.684.2200.

Reports of a new phishing attack from early this morning... The following message was forwarded to security:

 

 

Notice that the "click here" link does not redirect to a Duke domain, but rather to a page currently hosted in Argentina. Clicking the link takes you to the following OWA cloned page:

 

 

Depending on which browser is used and how its settings are configured, you may see certificate notifications warning about the security of the site. The following warning was received during our investigation:

 

 

Again, this site is in no way related to Duke, and anyone receiving the message should discard it and delete it from their inbox. Anyone who has received this message, clicked the link, and supplied Duke credentials should notify the OIT Service Desk by calling 919.684.2200 immediately.

Multiple reports of the following phishing attack were received late yesterday afternoon:

 

 

The URL ("LOGINHERE") redirects to a form hosted on a Belgian domain:

 

 

If you received this message, clicked the link, and supplied Duke credentials, please immediately contact the OIT Service Desk at 919.684.2200 for assistance.

The following phishing attack was reported:

 

 

Following the link in the message directs the user to the following form:

 

 

We ask anyone who has received the message, clicked the link, and provided credentials to notify the OIT Service Desk at 919.684.2200 immediately.

We've received a report of the following phishing attack purportedly related to Duke WebMail.

 

 

The "CLICK MY ACCOUNT" link above redirects to a non-Duke hosted page (on the t15.org domain) that has been crafted as a clone of the University Email Web Access page. See the screenshot below:

 

 

We ask anyone who has received the message, clicked the link, and supplied credentials to the page to notify the OIT Service Desk immediately by calling 919.684.2200.
