Have you ever gotten a summons from the US Supreme Court? Would it make you feel the need to figure out what it is, even if you KNOW you have no pending litigation? The court system is not safe from “brand impersonation”. The scam’s intent if to get victims to click on a link to a supposed subpoena to attend a hearing.
The actual prize for the phishers are peoples Microsoft 365 logon credentials. The prevalence of these types of scams is one of many deciding factors why UTHSC put O365 behind our multi-factor authentication, DUO.
So why is this one working? Researchers at security vendor Armorblox has some ideas:
- It is only sent to a few people in an organization, not a mass email
- It uses zero-day lookalike websites to spoof Microsoft 365 logon pages
- It uses CAPTCHA technology to add legitimacy (This is when you have to type in a code displayed on the screen to prove “you are not a robot”)
- It’s use of the Supreme Court may have likely been outstanding enough to catch the eye of the potential victim
What else have we seen reported to abuse@uthsc.edu? Here is a few examples.
- UTHSC Outstanding Invoice – wants you to click on a link to OneDrive
- Weekly Position Announcement t FT/PT – getting paid $400 per week to “work” on a flexible schedule. If it is too good to be true, it usually is.
- PART TIME JOB FOR STUDENTS – wants the person to open a .txt file
- Overdue Invoice Paid – another one that wants the user to click on an attachment.
Stay safe out there everyone. Any suspicious email can be forwarded to abuse@uthsc.edu for examination.