Phishing Attack "Good News!" (July 17, 2013)

Reports this afternoon of yet another phishing attack aimed at the Duke community.


The message at first glance appears to be from a Duke account but futher investigation shows the actual email is not from the Duke domain. The subject of "good news" and a generic message saying a private message from a supposed "head" of the department attempts to trick recipients into clicking a non-Duke link. A common tactic in phishing is to use a domain link that appears to be related to the target organization, in this case the subdomain webmaildukeedu is used but please note that the actual website is A screenshot of the message is provided below:




This link takes you to a non-Duke hosted form designed to harvest NetIDs and passwords.  See the screenshot of the form below:




These types of external sites are showing up more and more. We report abuse claims as soon as the pages are identified. Unfortunately, since they're hosted by outside parties, we're reliant on them taking action and these types of pages remain active much longer than what we'd like. The best action we can take is to raise awareness in hopes that we prevent the Duke community from providing personal information. If you have questions or receive similar phishing messages, please report them to the IT Security Office. If you have visited the form and supplied your NetID and password, please contact the OIT Service Desk immediately.


IT Security Office


OIT Service Desk