Educause Security Discussion mailing list archives
Re: Phishing O365 tenants with compromised hotmail/Microsoft accounts
From: "King, Ronald A." <raking () NSU EDU>
Date: Thu, 29 Aug 2019 16:38:16 +0000
Yep! We have seen an uptick in this and similar since students moved in. I think the phishers have their own academic calendar. Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<http://www.nsu.edu/> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jim A. Bole Sent: Thursday, August 29, 2019 10:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Phishing O365 tenants with compromised hotmail/Microsoft accounts Curious if any other O365 shops are seeing a spike in phishing emails that use a compromised Hotmail account to send a OneDrive link. The attacker also uses some sort of fake IT sender, but the body of the message often has a signature block or other information from a senior university person with some sort of higher ed content. Example: [cid:image003.jpg@01D55E66.A0D64610] Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu<mailto:jbole () stevenson edu> | O: 443-334-2696 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Phishing O365 tenants with compromised hotmail/Microsoft accounts Jim A. Bole (Aug 29)
- Re: Phishing O365 tenants with compromised hotmail/Microsoft accounts Bandy, John (Aug 29)
- Re: Phishing O365 tenants with compromised hotmail/Microsoft accounts King, Ronald A. (Aug 29)