[IS&T Security-FYI] Warning: "Incoming emails delayed" Phishing scam

Jessica Murray jlmurray at mit.edu
Thu Feb 6 12:37:09 EST 2020


Please alert staff in your department, lab or center about phishing emails with subjects like “Incoming emails delayed…” and “Missed Call” that look like they are coming from the MIT email server. The Security Team in Information Systems and Technology (IS&T) has received several reports about it.

How it works

The email appears to be from MIT (with the display name of Massachusetts Institute of Technology) and many of these emails are coming from compromised MIT accounts. The message says you have some delayed email or are missing some messages and includes a link to “Recover Delayed Messages.” This link will bring you to a fake Outlook.com login page. If MIT credentials are entered into this page, they will be copied by the attacker. The page then redirects to a legitimate email login page (either O365 or OWA). If the user is already logged in, the email is displayed. If you are not logged in, you will see a login page and likely assume you mistyped your password.

[Image: image001.jpg] <https://www.flickr.com/photos/ist_atmit/49493605087/in/album-72157674839514551/>

Advising staff

Please caution your staff not to fall for this kind of fake request. If they have clicked on the fake login page and submitted their Kerberos password, they should change their password immediately. The IS&T Service Desk can help recover from a phishing attack.

Encourage your staff to read up on common email scams <https://kb.mit.edu/confluence/display/istcontrib/Common+Email+Scams> in the Knowledge Base and to watch the quick “Beware of Phishy Emails!” video <https://youtu.be/ZkVr0GLSjE0> for tips on how to combat phishing. There are also Security Awareness courses available in the Atlas Learning Center.

Please continue to report phishing emails like this to phishing at mit.edu. The best way to send us the information that we need is to forward the email as an attachment <http://kb.mit.edu/confluence/x/dR6ACQ>. If your staff receives an email they aren’t sure about, or believe an account was compromised, they can always contact security at mit.edu.

Thank you for your help in raising awareness about this scam.

Sincerely,

Jessica Murray
Information Security Officer
Information Systems and Technology
MIT
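
An added example, not part of the original advisory or IS&T's tooling: a Python triage routine for a report forwarded as an attachment that flags the display name, subject lures and link text described above. The trusted login hosts, the sample addresses and `login.example.net` are assumptions chosen for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBJECT_LURES = ("incoming emails delayed", "missed call")  # subjects quoted in the advisory
LINK_LURE = "recover delayed messages"                      # link text quoted in the advisory
DISPLAY_NAME = "massachusetts institute of technology"      # display name quoted in the advisory
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "outlook.office365.com"}  # assumption

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, " ".join(self.text.split())))
            self.href = None

def triage(raw: bytes) -> list:
    """Return findings for a report; unwraps a message forwarded as an attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    wrapped = [p for p in msg.walk() if p.get_content_type() == "message/rfc822"]
    msg = wrapped[0].get_payload(0) if wrapped else msg
    name = parseaddr(str(msg.get("From", "")))[0]
    subject = str(msg.get("Subject", "")).lower()
    findings = ["display-name"] if name.strip().lower() == DISPLAY_NAME else []
    findings += ["subject-lure"] if any(s in subject for s in SUBJECT_LURES) else []
    html, links = msg.get_body(preferencelist=("html",)), Links()
    links.feed(html.get_content() if html is not None else "")
    for href, text in links.found:
        host = (urlsplit(href).hostname or "").lower()
        if LINK_LURE in text.lower() and host not in TRUSTED_LOGIN_HOSTS:
            findings.append("lure-link:" + host)  # lure text pointing off the login hosts
    return findings

def sample_report() -> bytes:  # constructed sample: a user report with the mail attached
    phish, report = EmailMessage(), EmailMessage()
    phish["From"] = "Massachusetts Institute of Technology <user@example.edu>"
    phish["Subject"] = "Incoming emails delayed"
    phish.set_content('<a href="https://login.example.net/">Recover Delayed Messages</a>', subtype="html")
    report.set_content("Reporting this message.")
    report.add_attachment(phish)
    return report.as_bytes()
```

Because many of these messages come from compromised MIT accounts, the sender's domain is not used as a signal here; the mismatch between the link text and its destination host is.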
