This morning the campus was hit with another fairly massive phishing attempt.
This latest message has the following characteristics:
Body of the message looks similar to this example:
If you were to click on the “Please click here…” link, you would be brought to a web page appearing to be a Microsoft login page where you will be prompted to enter your username and password. We have blocked the site from being accessible from on campus.
If you received this email but did not click, please just delete it.
If you clicked and entered your username/password you must immediately change your
password and update your security questions. (If they have your password, they can
replace your security questions with their own and then are able to get right back
into your account.)
If you clicked but did not enter your username/password, you should be safe.
We all know that it is very difficult to prevent these attacks, and often difficult
to identify a sophisticated phishing message. This fall we will initiate a campus
conversation about using multifactor authentication for off-campus access to resources
like email to better protect against these types of attacks. Please review multifactor authentication for more information.