Phishing Attack Targeting Duke Email Users (December 3, 2012)


This morning an attacker launched a phishing attack targeting Duke email users. The message is entitled "Duke University New Outlook Web App (OWA)" and requested the user to click on a link called "Outlook Web App (OWA) to access their mail account.  


If you click on the link, you are taken to a non-Duke site and asked for your Duke netID and password.  The site looks very similar to Duke's Outlook Web Access site, but it is a fraud, as indicated by the website's address: "http://exchange" 


If you submitted your credentials to this form, please contact the OIT Service Desk or the Duke IT Security Office immediately.


OIT Service Desk:

(919) 684-2200


Duke IT Security Office


The message looks like the following: