Update from the Chief Information Security Officer

Increase in targeted phishing
25 Mar 2021

All staff message from the Chief Information Security Officer - increase in targeted phishing

Dear colleagues,

ANU is currently responding to an ongoing, broad and sophisticated phishing attack.

Attackers are impersonating ANU staff by setting up 'look-alike' accounts (e.g. u1234567anu@outlook.com), using them to set up intermediary file-sharing service accounts (e.g. Dropbox), and then deceiving ANU personnel into clicking on links and divulging usernames and passwords through these services.

The current attack is similar to those recently notified. Above are pictures of what the emails look like and what it requests of the victim.

The victim will receive an email from Dropbox, impersonating an ANU staff member. (Note: the email address is the false one created by the attackers.) When the victim clicks on "Download file", they will be taken to the next page. When the user downloads and opens this file, they will receive a message asking them to confirm their identity (pictured above). Clicking on this link will prompt the user for their email and password. The attackers are using a look-alike login screen for Microsoft Office (see image above). If a victim has provided their email and password here, they have been compromised.

What to do?

If you have received this email and entered your username/email and password when prompted:

  1. Change your password IMMEDIATELY at https://identity.anu.edu.au
  2. Report via email to it.security@anu.edu.au - include details of how you were compromised and indicate that you have changed your password.
  3. Await further instructions.

If you receive the phishing email, please do the following:

  1. Do not click on any links, buttons or images within the suspect email;
  2. Do not reply to the suspect email;
  3. Forward the suspect email to spam@anu.edu.au;
  4. Report the email to it.security@anu.edu.au; and
  5. Delete the email from your inbox.

For all others:

  1. Please increase phishing vigilance;
  2. If you receive an unexpected invoice email from a staff member, verify with the sender via phone before actioning;
  3. When logging into ANU Office, check the address bar in your browser to ensure the login screen is coming from microsoftonline.com or anu.edu.au; and
  4. Forward any suspect email through to spam@anu.edu.au.
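The two indicators above (a look-alike uni-id sender at an external mailbox provider, and a login page whose address bar does not show microsoftonline.com or anu.edu.au) can be checked mechanically. The following is an added example, not ANU's own tooling; the "u plus seven digits" uni-id pattern, the https requirement and the sample addresses are assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains the advisory says a genuine ANU Office login page should come from.
TRUSTED_LOGIN_DOMAINS = ("microsoftonline.com", "anu.edu.au")

# Assumed pattern for the look-alike accounts the advisory describes:
# an ANU uni-id (u + seven digits) with "anu" appended, e.g. u1234567anu.
LOOKALIKE_LOCALPART = re.compile(r"^u\d{7}anu$")


def is_trusted_login_host(url: str) -> bool:
    """Return True only if the login URL's host is one of the trusted domains.

    Matching is on the registered domain or a subdomain of it, so
    'login.microsoftonline.com' passes but 'microsoftonline.com.example.net'
    does not. Requiring https is an added assumption, not from the advisory.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False
    # urlsplit discards any user@ prefix, so 'trusted.host@evil' is not fooled.
    host = (parts.hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LOGIN_DOMAINS)


def is_lookalike_sender(address: str) -> bool:
    """Flag a sender that imitates an ANU uni-id from a non-ANU mailbox."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return False
    # Genuine ANU addresses are not look-alikes, whatever the local part.
    if domain == "anu.edu.au" or domain.endswith(".anu.edu.au"):
        return False
    return LOOKALIKE_LOCALPART.match(local) is not None


def triage(sender: str, login_url: str) -> list[str]:
    """Return the advisory's indicators present in a (sender, login URL) pair."""
    findings = []
    if is_lookalike_sender(sender):
        findings.append("look-alike sender")
    if not is_trusted_login_host(login_url):
        findings.append("login page not on microsoftonline.com / anu.edu.au")
    return findings


if __name__ == "__main__":
    # Constructed sample pair mirroring the advisory's example address.
    print(triage("u1234567anu@outlook.com", "https://microsoftonline.com.example.net/"))
```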

ANU is continuing to monitor and flag malicious pages to box.com for removal.

The Cyber Sense website has links to a training module on how to identify phishing more generally.

Further phishing information can be found at: https://services.anu.edu.au/information-technology/it-security/phishing

With your cyber sense and resilience, we can contain and clean up this phishing attack promptly and preserve our community's ability to live safely online.

Contact

If you have any questions related to phishing please visit the Service Now Knowledge Base, see the Cyber Sense website or email cybersense@anu.edu.au.

Suthagar