Phishing Attack - "Subject: Important Salary Update" - (July 19th 2014)

We've recieved reports of a new phishing message that is specifically targetting Duke users and is asking for bank account info.  If you received this message, clicked on the link, and provided information please contact the OIT Service Desk at (919) 684-2200 immediately. 

The emails look like:

----------------------------------------------

 

From: DUKE-HR <employeebenefits@duke.edu<mailto:employeebenefits@duke.edu>>
Date: July 19, 2014 at 11:54:32 EDT
Subject: Important Salary Update

Hello,

The University is having a salary increment program again this year with an average of 2.5%

The Human Resources department evaluated you for a raise on your next paycheck.

Click below to confirm and access your salary revision documents:

Click Here <hxxp://dk42.ru/www.duke.edu/Login.htm> to access the documents

Sincerely,

Human Resources

Duke University

--------------------------------------------------

 

The link in the page (note that the url points to a Russian server instead of http://duke.edu/) points to a page that looks like the following.

Note the field asking for bank account info.