We recently received an advisory from the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) warning higher education institutions about sophisticated phishing emails that target faculty and staff. These very authentic looking phishing e-mails attempt to lure you to a Web portal and trick you into providing your university credentials. With this information the perpetrators are able to gain access to our enterprise networks and systems.
Specifically, the phishing attacks described in the REN-ISAC notice target university faculty and staff using an e-mail purporting to be about a change in salary from the university’s human resources department. The e-mail instructs the recipient to follow a link to review information about salary changes. That link connects to a web page that spoofs the university’s human resources or payroll portal and collects your login credentials. The attacker then uses these stolen credentials to change your direct deposit settings to reroute payroll deposits to the attacker’s account. These types of attacks appear to be well planned and highly orchestrated, as they very closely mimic university images, URLs, and were often sent during faculty review periods
While the attacks described in the REN-ISAC notice are specific and target payroll information, your credentials obtained through phishing attacks can be used to compromise other parts of our network, which may contain sensitive personal information, intellectual property, or other confidential data.
Phishing attacks remain some of our most common cybersecurity threats. For example, phishing attacks we have seen recently allege to come from IT and request that you resolve an e-mail box size problem, update you email information, or fix some other problem with an IT service. Again, the perpetrators want you to provide them with your credentials.
How to protect yourself? There is no magic bullet but there are safe computing practices. Some of them are:
- Keep your computer software and anti-virus protection up-to-date.
- Be VERY suspicious of ANY e-mail asking for your NETID and password.
- NEVER share your NETID and password with ANYONE
- Change your password regularly
Please contact me in case of comments, questions, or concerns.