Phishing Attack "Incident ID: 39187303" (Nov 04, 2013)

We're receiving multiple reports of supposed Microsoft Outlook "Incident IDs" asking the recipient to reconfigure their Outlook info. Emails appear similar to the one below:

 

 

Clicking the link will redirect the recipient to an Outlook Web App login page (notice the URL is in no way related to Duke):

 

 

Providing the info will submit credentials to the attacker then redirect to a legitimate OWA login page. We're asking that anyone who has received the phishing attack and supplied NetID credentials, to please notify the OIT Service Desk immediately at 919.684.2200