Alert: A Tricky New Phishing Caper
A new pandemic-themed phishing campaign is making the rounds. This particular scam exploits the uncertainty many employees still have about their organization’s COVID-19 policies, according to Roger Kay at INKY. Emails claiming to be from Human Resources (and sent from a compromised email account) are being sent to employees of various organizations, telling them that they are required to fill out a COVID-19 vaccination status form. This is also known as “Form Phishing.”
However, when the user clicks on the link in the email, they’re directed to a fake Microsoft Outlook credential phishing page. This is a tactic known as “brand impersonation,” which uses elements of a well-known brand to make an email look as if it came from that company. In this case, the brand being imitated was Microsoft Outlook.
Because these emails come from legitimate but compromised (or “hacked”) accounts, they are able to pass standard email authentication processes, including our own multi-factor authentication system. They can appear to come from high-ranking administrators like the president or the dean.
To better protect against these types of phishing schemes, it’s important to understand the tactics they employ.
Brand Impersonation
This method uses elements of a well-known brand or organization to make an email appear more credible.
Exploiting Current Events
By capitalizing on uncertainty and fear surrounding current events like COVID-19, phishers can manipulate users into sending sensitive information. You can find Elon University’s COVID-19 policies here.
Credential Harvesting
This occurs when a victim thinks they are logging in to one of their resource sites but is actually entering credentials into a dialogue box owned by the phisher.
Compromised Email Accounts
This tactic is used by phishers to pass most security software tests, enabling phishing emails to slip past corporate defenses and into hapless recipients’ inboxes.
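Because a message from a compromised account passes SPF and DKIM, authentication results alone cannot catch this lure; the link destination and the HR/vaccination-form wording still can. The check below is an added illustration written for this notice, not code from INKY or Elon University, and the sample message, the allow-listed domains and the lure terms are all constructed assumptions:

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample, not a real capture: SPF and DKIM pass because the
# sending account is genuine; only the link and the wording betray the lure.
SAMPLE_EMAIL = """\
From: "Human Resources" <hr@example.edu>
To: staff@example.edu
Subject: Required: COVID-19 Vaccination Status Form
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=example.edu; dkim=pass header.d=example.edu
Content-Type: text/html

<p>All employees must complete the vaccination status form today.</p>
<p><a href="https://outlook-login.example-forms.net/auth">Open the form</a></p>
"""

# Assumed allow-list: the organization's own domain plus the vendor whose login page is imitated.
TRUSTED_DOMAINS = {"example.edu", "microsoft.com", "office.com"}
LURE_TERMS = ("vaccination", "covid", "form", "human resources")

def auth_passed(msg):
    """True when every Authentication-Results header reports spf=pass and dkim=pass."""
    results = msg.get_all("Authentication-Results", [])
    return bool(results) and all("spf=pass" in r and "dkim=pass" in r for r in results)

def body_text(msg):
    return msg.get_body(preferencelist=("html", "plain")).get_content()

def link_hosts(msg):
    """Hostnames of every href in the body; a bare regex is enough for this sample."""
    hrefs = re.findall(r'href="([^"]+)"', body_text(msg), flags=re.IGNORECASE)
    return [urlparse(h).hostname or "" for h in hrefs]

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess(raw):
    """Flag a form-phishing lure even when SPF/DKIM pass: lure wording plus an off-domain link."""
    msg = email.message_from_string(raw, policy=policy.default)
    text = ((msg["Subject"] or "") + " " + body_text(msg)).lower()
    lure = sum(term in text for term in LURE_TERMS)
    untrusted = [h for h in link_hosts(msg) if not is_trusted(h)]
    verdict = "suspicious" if lure >= 2 and untrusted else "ok"
    return {"auth_passed": auth_passed(msg), "lure_terms": lure,
            "untrusted_hosts": untrusted, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE_EMAIL))
```

The same message with its link pointed at an allow-listed domain comes back "ok", which is the point: the decision rests on where the link goes, not on whether authentication passed.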
Protecting Your Accounts
Phishing scams come in all shapes and sizes, but many of them use the exact tactics described above. Stay vigilant and remember — if the email looks suspicious, send it to Information Security to ensure its validity. Thank you for your cooperation in protecting our campus and community.