Published on Computing & Communications Services (https://www.uoguelph.ca/ccs)

InfoSec Blog - Top 3 Phishing Schemes on Campus in 2018

Phishing

October 1, 2018

Phishing attacks are the most common cyberattacks in the digital world. While most people have heard stories of scams originating from self-proclaimed Nigerian princes, the landscape of phishing messages is constantly evolving.
Below are the top 3 phishing scams that Information Security has seen on campus so far this year.
 
  1. Office365 and OneDrive Scams
    The deployment of Office365 and the OneDrive file sharing service on campus has made file sharing more efficient for everyone. However, it has also made file sharing a prime attack vector for phishers, because receiving unexpected documents is now normal. In this phishing sample, a victim is asked to log in to OneDrive in order to view an invoice by clicking on the link. If the targeted user clicks the link and enters their credentials, the phisher now has the victim’s credentials and full access to their account.
     
     
  2. Account Verification and Tech Support Scams
    Tech support and account verification scams have been the most common type of phishing scam in recent years. In this scheme, users receive an email that appears to come from the University IT support team or from a well-known company, such as Apple, Netflix or Amazon. The email states that there is a serious issue with your account and you need to sign in to correct it immediately. The attacker then steals your account credentials after you follow the instructions and log in to the site they provide.


     
  3. CEO Fraud Scams
    In a CEO Fraud scam, an attacker spoofs a message from your boss or an executive to trick you into wiring funds to fraudsters. In the example below, the phisher spoofed the director of a University department. If the employee replies to this message, they will be asked to purchase gift cards, scratch off the label on the back of the card to reveal the hidden security code, and then email pictures of the cards. With all that information the phisher can claim the value of those cards.

 

For more information on how to spot a phishing email, we have several additional blog posts on the subject on our website:
 
  • Don't Let a Phishing Scam Reel You In [1]
  • Genuine Login Page or Phishing Page? [2]
  • The Impact of Phishing [3]
 

 

Written by: Hanna Guan (Cyber Security Analyst, Information Security)


Source URL: https://www.uoguelph.ca/ccs/infosec/phishing2018

Links
[1] https://www.uoguelph.ca/ccs/infosec/educausephishing
[2] https://www.uoguelph.ca/ccs/infosec/evcertificates
[3] https://www.uoguelph.ca/ccs/infosec/phishingimpact