Email Phishing Activity Targeting Leadership: New Filter Enabled

Increased Email Phishing Activity – FUNDS REQUESTS

UITS and other universities have detected an increase in email phishing activity on campus, specifically spear phishing attempts that ask users to purchase gift cards or send funds immediately. We want to make you and your units aware of this issue and of the additional steps UITS has taken to remediate the situation.

Current situation:

Malicious emails were detected starting early December and appear to come from the President, a Dean, or other senior official at the university requesting an ‘Urgent reply’.
The body of the message contains ‘Hello, are you available?’
If the recipient responds to the email, the hacker asks the recipient to purchase a gift card or provide a personal loan.

Resolution:

UITS has implemented a content filter to 1) scan the subject line and body of incoming emails and 2) identify emails that are considered SPAM based on the criteria mentioned above.

If the filter detects a match, 1) “[SPAM?]” will automatically be added to the email subject line to notify the recipient it is not a legitimate email message and 2) the filter will set the ‘from’ address to the originating email address, removing the friendly recognized sender name. 

Example: The correct address for the president is president@arizona.edu; the fake address may look something like ‘president.arizona.edu@gmail.com’. The filter will replace the sender name with the actual email address.

The content filter will indicate which emails are suspected to be SPAM but emails will still be delivered to the inbox as normal. The filter will help ensure legitimate emails are not impacted.
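The following sketch shows the tagging behavior described above. It is an added illustration, not the filter UITS runs. The matching rule (both quoted phrases must appear), the function name apply_filter, and the two sample messages are assumptions made for the example.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Phrases quoted in the advisory; requiring both to match is an assumption.
SUBJECT_MARKER = "urgent reply"
BODY_MARKER = "are you available?"
TAG = "[SPAM?]"

# Constructed sample messages (display names and recipients are made up).
PHISH = (
    "From: University President <president.arizona.edu@gmail.com>\n"
    "To: staff@example.edu\n"
    "Subject: Urgent reply\n"
    "\n"
    "Hello, are you available?\n"
)
LEGIT = (
    "From: Department Chair <chair@example.edu>\n"
    "To: staff@example.edu\n"
    "Subject: Agenda for Thursday\n"
    "\n"
    "Are you available? I would like to review the agenda.\n"
)


def apply_filter(raw: str) -> str:
    """Tag a matching message and strip the sender's display name."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    if SUBJECT_MARKER not in subject.lower() or BODY_MARKER not in body.lower():
        return raw  # no match: delivered unchanged

    if not subject.startswith(TAG):  # avoid double-tagging
        msg.replace_header("Subject", f"{TAG} {subject}")
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr:  # show the real originating address instead of the friendly name
        msg.replace_header("From", addr)
    return msg.as_string()  # still delivered, only relabelled


if __name__ == "__main__":
    print(apply_filter(PHISH))
```

A message that matches only one of the two phrases, such as the LEGIT sample, passes through untouched.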

Please forward phishes you receive to phish@arizona.edu as described here: https://security.arizona.edu/content/phishing. If you have any additional questions, please contact the Information Security Office at security@arizona.edu.

Further Resources: 

What’s Phish?  security.arizona.edu/node/335

Phishing Alerts:  security.arizona.edu/phishing_alerts

Report a Phish:  security.arizona.edu/content/report-phish

Continued Direct Email Phish Activity

We continue to experience an increased level of phishing attempts specifically requesting users to purchase gift cards, send funds, or change banking account information to accounts controlled by the malicious actors. Please share this information with your local departments. We are specifically seeing leadership targeted, as well as any staff who may have access to financial accounts; this includes the president’s office, the provost’s office, FSO, and other staff. Below, please find examples of the latest attacks we have seen at UA.

Report these Emails

Please forward phishes you receive to phish@arizona.edu as described here:  https://security.arizona.edu/content/phishing. If you have any additional questions, please contact the Information Security Office at security@arizona.edu.