Phishing Attack "The Duke! Helpdesk" (July 8, 2013)

A slightly modified mailing of the phishing attack identified yesterday evening has begun circulating across campus this afternoon. Essentially the supposed timestamp and redirect URL are all that has been changed in the new mailing.

 

We often receive inquiries about how to discern a legitimate email from these types of attacks. A few key areas that I'd point out are:

1) The message doesn't specifically identify you in the To: address nor are you specifically addressed in the body of the message. This tactic is commonly seen in phishing emails as the message is sent to numerous recipients and is designed to to work against anyone.

 

2) The email was not sent from a Duke address. Often you'll see free email addresses used as the From: address. It's also common to see other entities compromised accounts used as the sending party. Please note, this field can be modified to appear to come from Duke and that should not be your only check against supsicious emails but is one place to check.

 

3) Notice the ! used after Duke in both the subject and in the body. Legitimate emails will be reviewed for errors and are very unlikely to have gramatical, spelling, or odd punctionation. Mistakes do happen, but seeing them is often a key point to raise suspicions, especially in conjunction with other odditites in the message.

 

4) The redirect URL points to a non-Duke address. Duke neither owns, nor operates Webs.com. A common tactic is to place the word Duke somewhere in the url to make it appear legitimate. If the URL doesn't end in duke.edu, it is not in our domain. (Please note you should mouse over the URL to ensure the redirect text matches the actual redirect link. Mousing over the URL will show you the link in which your browser will go after clicking the link).

 

See the new email text below:

 

 

The new Webs form (the redirect URL) can be viewed below:

 

 

 

If you or someone you know submitted info to the form, please contact the OIT Service Desk or the IT Security Office as soon as possible. Likewise, if you ever receive a suspicious email, play it safe and inquire with either group prior to submitting information.

 

OIT Service Desk
919.684.2200

 

IT Security Office
security@duke.edu