Skip to main content
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit
Campus & Community
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • University Statements
  • Syracuse University Impact
  • |
  • The Peel
  • Athletics
Sections
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • University Statements
  • Syracuse University Impact
  • |
  • The Peel
  • Athletics
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit
Campus & Community

Information Technology Services Warns of Sophisticated Phishing Attacks Impersonating Trusted Sources

Tuesday, January 7, 2025, By Eric Ferguson
Share
facultyInformation Technology ServicesstaffStudents

The Information Security team within Information Technology Services has detected an increase in sophisticated phishing attacks targeting the University community. These phishing emails look real and often originate from compromised accounts at other universities. Attackers exploit recipients’ trust and use convincing tactics to steal account credentials.

Here is how these attacks typically work and how you can protect yourself.

How The Attacks Work

  • Spoofed emails: Attackers send emails that seem to originate from trusted peers or partners at other universities.
  • Fake document links: The emails contain links you are expected to click on. Recent attacks have used the pretext that a document that needs to be shared is encrypted and, in order to decrypt it, you must log in to the link.
  • Fraudulent validation: If recipients email the sender for confirmation because they are suspicious, attackers respond with reassuring but fake replies.
  • Credential theft: Trusting the response, recipients enter their credentials into a counterfeit Microsoft login page at the other end of the link.
  • MFA exploitation: The attackers harvest the credentials and use them to trigger a legitimate Microsoft multi-factor authentication (MFA) request, which victims will see in the Microsoft Authenticator app. Bad actors email their victims the two-digit code to enter into the app. If the victim enters it, the bad actors gain complete access to their accounts. If the victims use SMS as their MFA method, the bad actors will send an email trying to get the victim to send them the provided code.
  • Account misuse: Attackers use compromised accounts to attempt changes to payroll direct deposit information and/or to launch further attacks from the victim’s email account.

Protect Yourself

  • Be cautious of unexpected emails: Avoid clicking on links or providing information unless you are certain of the sender’s legitimacy.
  • Validate by phone, not email: If you suspect a phishing attempt, verify directly by calling the sender. Never rely on email validation for suspicious requests.
  • Beware of fraudulent MFA prompts: Be cautious of unusual MFA prompts or requests. Never enter codes from unknown sources. Microsoft MFA will never send the two-digit code via email. Any email claiming to provide such a code is fraudulent. If you use SMS as an MFA method, nobody will ever ask you for the code via text or email.
  • Report phishing attempts immediately: You can use Outlook’s “Report Message” feature to flag suspicious emails.

Stay alert and reach out to the IT Security team (infosec@syr.edu) with any questions or concerns. Your vigilance is vital to keeping our community safe.

  • Author

Eric Ferguson

  • Recent
  • Empowering Learners With Personalized Microcredentials, Stackable Badges
    Thursday, July 3, 2025, By Hope Alvarez
  • WISE Women’s Business Center Awarded Grant From Empire State Development, Celebrates Entrepreneur of the Year Award
    Thursday, July 3, 2025, By Dawn McWilliams
  • Rose Tardiff ’15: Sparking Innovation With Data, Mapping and More
    Thursday, July 3, 2025, By News Staff
  • Paulo De Miranda G’00 Received ‘Much More Than a Formal Education’ From Maxwell
    Thursday, July 3, 2025, By Jessica Youngman
  • Law Professor Receives 2025 Onondaga County NAACP Freedom Fund Award
    Thursday, July 3, 2025, By Robert Conrad

More In Campus & Community

Rose Tardiff ’15: Sparking Innovation With Data, Mapping and More

While pursuing a bachelor’s degree in geography in the Maxwell School, Rose Tardiff ’15 became involved with the Salt City Harvest Farm, a community farm near Syracuse where newcomers from all over the world grow food and make social connections….

Paulo De Miranda G’00 Received ‘Much More Than a Formal Education’ From Maxwell

Early in his career, Paulo De Miranda G’00 embarked on several humanitarian aid and peacekeeping assignments around the world. “When we concluded our tasks, we wrote reports about our field work, but many times felt that little insight was given…

Law Professor Receives 2025 Onondaga County NAACP Freedom Fund Award

College of Law Professor Suzette Meléndez, director of the Syracuse Medical-Legal Partnership Clinic, was honored with a 2025 Onondaga County NAACP Freedom Fund Award at their 45th Annual Freedom Fund Award Dinner. Meléndez received the Maye, McKinney & Melchor Freedom…

A&S Senior Associate Dean for Academic Affairs to Retire; New Appointment Announced

After over four decades of dedicated service to the College of Arts and Sciences (A&S), Professor Gerald Greenberg is retiring at the end of 2025. He transitioned from his role as A&S senior associate dean for academic affairs; humanities; and…

Delaware Nonprofit Leader Begins 2-Year Term as Alumni Association President

Alonna Berry ’11, executive director of the Delaware Center for Justice and a graduate of the College of Arts and Sciences, is the new president of the Syracuse University Alumni Association (SUAA) Board of Directors, as of July 1, 2025….

Subscribe to SU Today

If you need help with your subscription, contact sunews@syr.edu.

Connect With Us

  • X
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
Social Media Directory

For the Media

Find an Expert Follow @SyracuseUNews
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
  • @SyracuseU
  • @SyracuseUNews
  • Social Media Directory
  • Accessibility
  • Privacy
  • Campus Status
  • Syracuse.edu
© 2025 Syracuse University News. All Rights Reserved.