Phishing Attack Targeting Duke Email Users (December 3, 2012)

 

This morning an attacker launched a phishing attack targeting Duke email users. The message is entitled "Duke University New Outlook Web App (OWA)" and requested the user to click on a link called "Outlook Web App (OWA) to access their mail account.  

 

If you click on the link, you are taken to a non-Duke site and asked for your Duke netID and password.  The site looks very similar to Duke's Outlook Web Access site, but it is a fraud, as indicated by the website's address: "http://exchange -duke.yzi.me/." 

 

If you submitted your credentials to this form, please contact the OIT Service Desk or the Duke IT Security Office immediately.

 

OIT Service Desk:

(919) 684-2200

help@oit.duke.edu

http://oit.duke.edu/help/

 

Duke IT Security Office

security@duke.edu

https://security.duke.edu

 

The message looks like the following: