Educause Security Discussion mailing list archives
Phishing at U-M
From: Donald Welch <djwelch () UMICH EDU>
Date: Fri, 5 Jun 2015 08:11:41 -0400
Colleagues, Starting Wed, we've been undergoing a serious phishing attack. The attacker has used compromised accounts to send the e-mails and collect the information on forms in U-M google drives. Still they are "from the IRS," but from a umich e-mail. As we shut down accounts, the attacker moves on to the next account. The scam subject lines he has used are: E-Services Record Validation Important Mail =?UTF-8?B?SW1wb3J0YW50IE1haWzigI/igI8=?= Quick Validation We think about 150 people have given up their PII so far. In some cases we have been fast to close down the form so the attacker may not have captured the info. We have also been seeing an attack aimed at faculty when the e-mail is asking for a copy of a person's paper, and when they click the link they get a copy of our login page. This one is annoying, but we don't think the attack is working in that the faculty realize they have been scamed and change their password quickly. As our campus becomes wiser to this attack the attacker may move on to another campus. Don Donald J. Welch, Ph.D. Chief Information Security Officer University of Michigan 734-615-0334
Current thread:
- Phishing at U-M Donald Welch (Jun 05)
- Re: Phishing at U-M Joel Anderson (Jun 05)
- Re: Phishing at U-M William Rhee (Jun 05)
- Re: Phishing at U-M Joel Anderson (Jun 05)
- VPN Security Kevin Reedy (Jun 05)
- Re: VPN Security Rossella Mariotti-Jones (Jun 05)
- Re: Phishing at U-M Frank Barton (Jun 05)
- Re: Phishing at U-M Joel Anderson (Jun 07)
- Re: Phishing at U-M William Rhee (Jun 05)
- Re: Phishing at U-M Joel Anderson (Jun 05)