All staff message from the Chief Information Security Officer - increase in targeted phishing
ANU is currently responding to an ongoing broad sophisticated phishing attack.
Attackers are currently impersonating ANU staff by setting up 'look-alike' email accounts (e.g. firstname.lastname@example.org), using them to set up an intermediary file-sharing account (i.e. Dropbox), and then deceiving ANU personnel into clicking on links and divulging usernames and passwords through these services.
The current attack is similar to those recently notified. Above are pictures of what the emails look like and what it requests of the victim.
The victim will receive an email from Dropbox that impersonates an ANU staff member. (Note: the sender address is the false one created by the attackers.) When a victim clicks on "Download file" they will be taken to the next page. When the user downloads and opens this file, they will receive a message asking them to confirm their identity (pictured above). Clicking on this link prompts the user for their email and password. The attackers are using a look-alike login screen for Microsoft Office (see image above). If a victim has provided their email and password here, they have been compromised.
What to do?
If you have received this email and entered your username/email and password when prompted:
- Change your password IMMEDIATELY at https://identity.anu.edu.au
- Report via email to email@example.com - include details of how you were compromised and indicate that you have changed your password.
- Await further instructions.
If you receive the phishing email, please do the following:
- Do not click on any links, buttons or images within the suspect email;
- Do not reply to the suspect email;
- Forward the suspect email to firstname.lastname@example.org;
- Report the email to email@example.com; and
- Delete the email from your inbox.
For all others:
- Please increase phishing vigilance;
- If you receive an unexpected invoice email from a staff member, verify with the sender via phone before actioning;
- When logging into ANU Office, check the address bar in your browser to ensure the login screen is being served from microsoftonline.com or anu.edu.au; and
- Forward any suspect email through to firstname.lastname@example.org
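The address-bar check in the list above is easy to get wrong: a trusted name can appear in a subdomain, a path or the user-info part of a URL that actually belongs to someone else. The following Python, an added example that is not part of the original ANU message, parses the hostname and compares it against the two domains the advice names, and contrasts that with the naive "does the name appear anywhere" check. The sample URLs are constructed for illustration only and are not addresses from this incident.

```python
from typing import Optional
from urllib.parse import urlsplit

# Legitimate login origins named in the advisory.
TRUSTED_LOGIN_DOMAINS = ("microsoftonline.com", "anu.edu.au")


def login_host(url: str) -> Optional[str]:
    """Return the lowercase hostname of an https URL, or None if it is not https.

    urlsplit().hostname drops the user-info ('name@') and port parts, so a URL
    such as https://microsoftonline.com@example.net/ resolves to example.net.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return None
    return parts.hostname


def is_trusted_login_page(url: str) -> bool:
    """True only if the page's hostname is one of the trusted domains or a subdomain of one.

    The suffix test requires a dot boundary, so notmicrosoftonline.com and
    anu.edu.au.example.net are both rejected. It does not attempt to detect
    homoglyph or punycode look-alikes; those simply fail to match.
    """
    host = login_host(url)
    if not host:
        return False
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LOGIN_DOMAINS)


def naive_check(url: str) -> bool:
    """The check a hurried reader effectively performs: the trusted name appears somewhere in the URL."""
    return any(d in url.lower() for d in TRUSTED_LOGIN_DOMAINS)


# Constructed sample URLs (hypothetical, not from the incident), with the verdict a careful reader should reach.
SAMPLE_URLS = [
    ("https://login.microsoftonline.com/common/oauth2/authorize", True),   # genuine
    ("https://identity.anu.edu.au/", True),                                # genuine
    ("https://anu.edu.au.example.net/login", False),                       # trusted name used as a subdomain label
    ("https://example.net/microsoftonline.com/login", False),              # trusted name in the path only
    ("https://microsoftonline.com@example.net/", False),                   # trusted name in the user-info part
    ("https://notmicrosoftonline.com/", False),                            # no dot boundary before the name
    ("http://login.microsoftonline.com/", False),                          # not https
]


def compare_checks():
    """Return, for each sample, (url, expected, strict_verdict, naive_verdict)."""
    return [(u, expected, is_trusted_login_page(u), naive_check(u)) for u, expected in SAMPLE_URLS]


if __name__ == "__main__":
    for url, expected, strict, naive in compare_checks():
        print(f"{url:60} expected={expected!s:5} strict={strict!s:5} naive={naive!s:5}")
```

Every row where the strict verdict is False while the naive one is True is a URL a reader who merely scans for the familiar name would accept; the hostname-based test agrees with the expected column on all of them.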
ANU is continuing to monitor and flag malicious pages to box.com for removal.
Further phishing information can be found at: https://services.anu.edu.au/information-technology/it-security/phishing
With your cyber sense and resilience, we can contain and clean up this phishing attack promptly and preserve our community's ability to live safely online.