VM Notifications and Signature Requests are Fraudulent

Many of you have received (and some have reported – thanks!) two fairly new phishing emails to appear in our inboxes.

The first one is a (sometimes incorrectly) targeted voice mail notification. It appears to come from a Berry address if you don’t look closely. The subject line states “VM message from” and then has an area code and prefix, but the last four digits of the phone number are starred out. It also states that the VM was “received and processed” on a specific date. Opening the email shows an “Office365” logon and “Voicemail Service” in a large, plain type. It tries to get you to open an attachment which has an HTML link which most likely redirects to a fake Office365 login page.

Here is an image of the email:

The second type of phishing email is a fraudulent request for a signature on a document, ostensibly an auto proposal. These email also  purport to be from Berry, but actually come from another educational institution. The phishers have either compromised a mail server there or have simply rewritten the From address to look like “<your username>@<the other institution>.edu. The phishers also insert your username into the subject line, which is intended to grab your attention. The full subject line reads: Signature requested for “<your username> – Auto Proposal 20-21”

It gets weirder when you open the email to see the following in the body of the message:

Message Duration: 00:29 secs
Sent by berry.edu – Audlo Management Conferenclng System.

There is an attachment that is supposed to be a voice message, but is actually a document with a link in it, probably going to a fake login page, but you are not explicitly instructed to open it. Apparently, the phishers assume you will open it. Don’t do that…
If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted.

Photo Credit: Photo by Mael BALLAND on Unsplash

Author

(Visited 153 times, 1 visits today)