Email Attack - "EDU Registration/Update Confirmation" (June 30, 2013)

The ITSO received a notification of an email circulating across campus over the weekend in which the URL redirect contained in the message is already being blocked from University addresses as it has been identified in the past as a part of malware botnet. The rediret shouldn't be accessible on a university side network; however, anyone off campus that received the message would be able to visit the site. As of this posting, we're not certain if the page hosts a form requesting credentials, if the page is pushing malicious payloads back to the viewer, or both. We strongly advise you discard the email and not attempt to visit the site. If you or anyone you know has visited the site, please notify the ITSO or the OIT Service Desk.

 

For those interested, the email is captured below:

 

OIT Service Desk
919.684.2200

 

IT Security Office
security@duke.edu