[bioundgrd] Warning: "Incoming emails delayed" Phishing scam

Rebecca L Chamberlain chambe at mit.edu
Thu Feb 6 13:15:40 EST 2020



Begin forwarded message:

From: Margaret Cabral <mcabral1 at mit.edu>
Subject: [Biofac] Fwd: Warning: "Incoming emails delayed" Phishing scam
Date: February 6, 2020 at 1:10:43 PM EST
To: bio68 <bio68 at mit.edu>, biofac <biofac at mit.edu>, bio68staff <bio68staff at mit.edu>

Dear Biology Community,

Please read the email below regarding a new phishing scam that is occurring on campus.

Thanks,

Maggie

Maggie Cabral
MIT Biology HQ, 68-132
ph: 617-452-3683

From: Jessica Murray <jlmurray at mit.edu>
Date: February 6, 2020 at 12:37:09 PM EST
To: itpartners <itpartners at mit.edu>, ist-security-fyi <ist-security-fyi at mit.edu>, security_sig <security_sig at mit.edu>
Subject: Warning: "Incoming emails delayed" Phishing scam

Please alert staff in your department, lab or center about the phishing emails with subjects like “Incoming emails delayed…” or “Missed Call” that look like they are coming from the MIT email server. The Security Team in Information Systems and Technology (IS&T) has received several reports about it.

How it works

The email appears to be from MIT (with the display name of Massachusetts Institute of Technology) and many of these emails are coming from compromised MIT accounts. The message says you have some delayed email or are missing some messages and includes a link to “Recover Delayed Messages.” This link will bring you to a fake Outlook.com login page. If MIT credentials are entered into this page, they will be copied by the attacker. The page then redirects to a legitimate email login page (either O365 or OWA). If the user is already logged in, the email is displayed. If you are not logged in, you will see a login page and likely assume you mistyped your password.

<image001.jpg><https://www.flickr.com/photos/ist_atmit/49493605087/in/album-72157674839514551/>

Advising staff

Please caution your staff not to fall for this kind of fake request. If they have clicked on the fake login page and submitted their Kerberos password, they should change their password immediately. The IS&T Service Desk can help recover from a phishing attack.

Encourage your staff to read up on common email scams <https://kb.mit.edu/confluence/display/istcontrib/Common+Email+Scams> in the Knowledge Base and to watch the quick “Beware of Phishy Emails!” video<https://youtu.be/ZkVr0GLSjE0> for tips on how to combat phishing. There are also Security Awareness courses available in the Atlas Learning Center.

Please continue to report phishing emails like this to phishing at mit.edu. The best way to send us the information that we need is to forward the email as an attachment <http://kb.mit.edu/confluence/x/dR6ACQ>. If your staff receives an email they aren’t sure about, or believe an account was compromised, they can always contact security at mit.edu.

Thank you for your help in raising awareness about this scam.

Sincerely,

Jessica Murray
Information Security Officer
Information Systems and Technology
MIT
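
A triage check for the indicators listed under "How it works", added here as an example; it is not part of the original warning or of IS&T's tooling. The sender's domain is deliberately not checked, because the warning says many of these messages come from compromised MIT accounts. The `TRUSTED` suffix list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: suffixes of hosts where a genuine mail login may live; adjust per site.
TRUSTED = ("mit.edu", "outlook.com", "office.com", "microsoftonline.com")
SUBJECT_RE = re.compile(r"incoming emails delayed|missed call", re.I)
LURE_RE = re.compile(r"recover delayed messages", re.I)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def trusted(url):
    # Match on the end of the hostname, so "outlook.com.<other domain>" fails.
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED)

def triage(raw):
    """Return the indicators from the warning that a raw message matches."""
    msg, hits = message_from_string(raw), []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    if parseaddr(msg.get("From", ""))[0].lower() == "massachusetts institute of technology":
        hits.append("display-name")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            hits += [f"link:{urlsplit(h).hostname}" for h, t in parser.found
                     if LURE_RE.search(t) and not trusted(h)]
    return hits

# Constructed sample, not a captured message; the .example host is a placeholder.
SAMPLE = ("From: Massachusetts Institute of Technology <user@mit.edu>\n"
          "Subject: Incoming emails delayed\nContent-Type: text/html\n\n"
          '<a href="https://outlook.com.mail-recover.example/owa">Recover Delayed Messages</a>')
```

Run `triage()` on the original message source, which is what forwarding the email as an attachment preserves.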

