Information Technology Services Warns of Sophisticated Phishing Attacks Impersonating Trusted Sources

The Information Security team within Information Technology Services has detected an increase in sophisticated phishing attacks targeting the University community. These phishing emails look real and often originate from compromised accounts at other universities. Attackers exploit recipients’ trust and use convincing tactics to steal account credentials.

Here is how these attacks typically work and how you can protect yourself.

How The Attacks Work

• Spoofed emails: Attackers send emails that seem to originate from trusted peers or partners at other universities.
• Fake document links: The emails contain links you are expected to click on. Recent attacks have used the pretext that a document that needs to be shared is encrypted and, in order to decrypt it, you must log in to the link.
• Fraudulent validation: If recipients email the sender for confirmation because they are suspicious, attackers respond with reassuring but fake replies.
• Credential theft: Trusting the response, recipients enter their credentials into a counterfeit Microsoft login page at the other end of the link.
• MFA exploitation: The attackers harvest the credentials and use them to trigger a legitimate Microsoft multi-factor authentication (MFA) request, which victims will see in the Microsoft Authenticator app. Bad actors email their victims the two-digit code to enter into the app. If the victim enters it, the bad actors gain complete access to their accounts. If the victims use SMS as their MFA method, the bad actors will send an email trying to get the victim to send them the provided code.
• Account misuse: Attackers use compromised accounts to attempt changes to payroll direct deposit information and/or to launch further attacks from the victim’s email account.

Protect Yourself

• Be cautious of unexpected emails: Avoid clicking on links or providing information unless you are certain of the sender’s legitimacy.
• Validate by phone, not email: If you suspect a phishing attempt, verify directly by calling the sender. Never rely on email validation for suspicious requests.
• Beware of fraudulent MFA prompts: Be cautious of unusual MFA prompts or requests. Never enter codes from unknown sources. Microsoft MFA will never send the two-digit code via email. Any email claiming to provide such a code is fraudulent. If you use SMS as an MFA method, nobody will ever ask you for the code via text or email.
• Report phishing attempts immediately: You can use Outlook’s “Report Message” feature to flag suspicious emails.

Stay alert and reach out to the IT Security team (infosec@syr.edu) with any questions or concerns. Your vigilance is vital to keeping our community safe.