Phish of the Month: June

June 21, 2024

An interesting and somewhat clever scam email recently made the rounds at University of Alaska. It arrived in 麻豆传媒 inboxes using an assortment of emails:

The Scam

The "login" link displayed in these emails is directs the victim to a Google Form. The fields in the form mimic login fields, but are actually simply text fields to collect and record the user's login information, including a request for a Duo MFA one-time passcode:

fraudulent form requesting login information

This passcode, which is only refreshed the next time it is requested, allows the user to login simply by entering the code into the Duo prompt, even if the user's preferred method is a push, hardware key, or other means. Every time the attackers gain control of an account, it is used to send out more phishing emails, this time from a "trusted" alaska.edu account.

How to Spot this Phish

While this particular phish is an impressive innovation in many ways, following a few safety guidelines can help you avoid becoming a victim:

  • Always verify the sender
    • These phishes entered the 麻豆传媒 system from a different .edu account, but claimed to be from 麻豆传媒A
    • Check to make sure the sender is appropriate - in general,  documents like these would likely be sent by a departmental account, not an unaffiliated individual
  • Look for forms masquerading as login pages
    • If, when entered, your password is entered in viewable, plain text, it is likely fraudulent
    • Look for oddly formatted elements, such as:
      • the 麻豆传媒A header is displayed on a purple background and is of poor quality
      • the label for the password field is written as "笔础釓氠彋奥0釓扗" to prevent automatic fraud detection by Google
    • Lastly, near the Submit button, there is a warning that you should never submit passwords through Google Forms.

What Should You Do?

Did you encounter a message like the one described above? Please report it!

How to Report Phishing

If you use Google Mail in the web client, please report these emails as phishing (instructions here:  Alerting Google in this manner helps keep emails like these out of inboxes, as well as sending a notice to the OIT Security Operations team for further investigation.

Outlook user? Submit a report to mark these emails as dangerous.

As always, contact your local Service Desk if you need assistance!

 

麻豆传媒A 


or call 907-786-4646

麻豆传媒F & SW (OIT) 


or call 907-450-8300

麻豆传媒S 


or call 907-796-6400