Duke ITSO Alerts

Our latest observed phishing attack purports that the recipients "mailbox is almost full" prompting for a login to update web mail (see screen capture below):

 

 

Visiting the "Update Web Mail" link seen above will take you to a non-Duke hosted clone of our login page (as seen below):

 

 

Notice the URL does not start "https://shib.oit.duke.edu/".

 

***Update***

Shortly after the initial message, we received reports of a 2nd attack with slightly modified target URL (see below):

 

******

 

We ask that anyone who has received this message, clicked the link, and supplied NetID credentials to please notify the OIT Service Desk immediately by calling 919.684.2200

The Duke University IT Security Office has received multiple notifications of a new Phishing email that is circulating throughout the Duke community. If you received this email, clicked on the link and provided your NetID and Password then we ask that you contact the OIT Service Desk immediatley. They can be reached @ 919.684.2200.

Below is a copy of the email.

 

Below is screen shot of the site that the link in the email redirects to. **Note** This site is hosted on the "mehmetakifarastirmalari.com" domain and not on the "duke.edu" domain.

Reports this morning of a phishing attack purportedly from the CS department regarding the verification of "Email NetID Services". Please be advised, this is a fraudulent message and should be discarded and avoided. If you've received a message similar to the one below and clicked through the links and supplied credentials, please notify support:

 

 

Though the message claims to be from Duke and links to "WebMail" the destination of the URL is actually a non-Duke site (see below):

 

 

As mentioned above, if you received this message, clicked the link, and supplied credentials, please immediately notify the OIT Service Desk at 919.684.2200

The ITSO has received a report of the following phishing attack:

 

 

As seen above, hovering over the "Click Here To Read" hyperlink points you to the following non-Duke hosted form used to harvest NetID credentials:

 

 

Please notify the OIT Service Desk at 919.684.2200 immediately if you received the message, clicked the link, and entered your NetID & password.

Reports of a new  phishing attack are cycling into the ITSO. The attack is specifically asking for banking account information which mimics attacker activity associated with past direct deposit fraud. If you receive the following message (or one of similar nature), be advised this is not a legitimate communication and should be discarded.

 

 

Clicking the link in that message results in the following cloned shibboleth / single sign-on page:

 

Please notify the OIT Service Desk at 919.684.2200 immediately if you receive this attack, click the link, and supply personal information.

Reports of a new BlackBoard targeted phishing attack have begun filtering into the ITSO. In this attack, the sending party routes an email with an attachment (CourseAdviser.htm).

 

Opening this attachment launches a web browser that shows the html document and presents us with the typical phishing message (see below):

 

The URL in this message redirects to the hosted form used to harvest credentials (see below):

 

This attack is targeting higher ed institutions using BlackBoard. While not Duke specific, we ask that anyone who has received this message, clicked the attachment and the link in the html file, and lastly entered NetID credentials in the phishing page, to please notify the OIT Service Desk immediately by calling 919.684.2200.

The Duke University IT Security Office has received multiple alerts of the below Phishing email, and others very similar to it in the last week, that is being circulated throughout the Duke community. If you received the email, clicked the link and submitted your NetID and Password then we recommend you contact the OIT Service Desk immediately for assistance with resetting your NetID password, they can be reached at 919.684.2200.
 

Below is a copy of the email that is being sent to Duke users. Note that if you hover over "Click" it will reveal the actual location of the page, it is not on the duke.edu domain.
 


 

Below is a screen shot of the site that the link in the email redirects the user to, again note that the url in the address bar shows that this site is not on the duke.edu domain.
 

The Duke University IT Security Offices have received multiple alerts of the below Phishing email that is being circulated throughout the Duke community. If you received the email, clicked the link and submitted your NetID and Password then we recommend you contact the OIT Service Desk immediately for assistance with resetting your NetID password, they can be reached at 919.684.2200.
 

Below is a copy of the email that is being sent to Duke users.
 

Below is a screen shot of the Phishing page. Note the url is on the .com.pl domain and not the duke.edu domain as it would be for a legitimate Duke service.
 

If you have any questions or concerns contact us at security@duke.edu.

Multiple reports have been filing in this morning concerning a new phishing attack. A screen capture of the message is posted below:

 

 

The destination URL appears to be a hosted Google Docs file. We are working to see if the form can be taken down by Google.

 

If you've received this message, clicked the link, and logged in with credentials please notify the OIT Service Desk immediately at 919.684.2200

The Duke University IT Security Offices have recevied multiple notifications of new Phishing messages circulating through the Duke community. We ask that if you received any of these messages, clicked the link and submitted you credentials, that you contact the OIT Service Desk for assistance with resetting your password. The OIT Service Desk can be reached at 919.684.2200

 

Below is a copy of the email:

The link in the email redirects to the below site. Note that this is not hosted on the duke.edu domain.

Pages