The Office of Information Security received a report of a phishing message carrying a credential phishing scam. The malicious email claims that a document is available in OneDrive, but that the recipient must follow a link in the email and sign in to view it. The link leads to a fake sign-in page; unsuspecting victims who type their credentials into that page are unknowingly handing them over to the attackers. Below, you will find a sample of this message.
Protect Your Account
If you received this message and clicked on the link or entered any information, you should change your WUSTLKey password immediately. If you are not sure if you interacted with this message by clicking the link or entering any information, please change your WUSTLKey password now.
You can change your password by visiting the WUSTL connect site by either typing ‘connect.wustl.edu’ into a browser or by finding the appropriate link in WUSTL ONE (one.wustl.edu).
Credential Phishing Tactics
Credential phishing attempts to lure unsuspecting victims into revealing passwords or other personal information so the criminals can gain access to important and valuable resources. These messages often include a tone of urgency in hopes of causing recipients to take action before carefully reviewing the message and what it is requesting. Extra caution should be exercised with any email that contains an urgent tone or a request for quick action. Additionally, links sent via email should be considered suspicious until you can verify the authenticity of the sender and the action being requested.
The tactic of using an urgent tone to request recipients follow a link to enter sensitive information is one of the most common criminal phishing strategies. Any email fitting that profile should be approached with caution. If you doubt the authenticity of a message from a seemingly legitimate sender, please take some time to reach out to that sender using a contact method other than the one(s) contained in the email to confirm its authenticity.
If you receive a message like this or any other phishing attempt, please forward the message to email@example.com and delete it from your inbox. Our office will review the message and take further action to protect our institution, if necessary.
We appreciate everything you do to help keep our institution secure.