Increased Email Phishing Activity Reported
University Information Technology Services (UITS) has detected an increase in email phishing activity on campus, specifically spear phishing attempts seeking to have users purchase gift cards or send funds immediately. UITS has applied additional steps to remediate the situation.
Current situation:
- Malicious emails were detected starting in early December and appear to come from the President, a Dean, or other senior official at the University requesting an "Urgent reply."
- The body of the message contains "Hello, are you available?"
- If the recipient responds to the email, the hacker asks the recipient to purchase a gift card or provide a personal loan.
Resolution:
UITS has implemented a content filter to 1) scan the subject line and body of incoming emails and 2) identify emails that are considered SPAM based on the criteria mentioned above.
If the filter detects a match, 1) "[SPAM?]" will automatically be added to the email subject line to notify the recipient it is not a legitimate email message and 2) the filter will set the "from" address to the originating email address, removing the friendly recognized sender name.
For example: the correct address for the president is president@arizona.edu; the fake address may look something like "president.arizona.edu@gmail.com." The filter will replace the name with the actual email address.
The content filter will indicate which emails are suspected to be SPAM but emails will still be delivered to the inbox as normal. The filter will help ensure legitimate emails are not impacted.
Please forward phishes you receive to phish@arizona.edu as described here: https://security.arizona.edu/content/phishing. If you have any additional questions, please contact the Information Security Office at security@arizona.edu.
Resources:
- What's Phish? security.arizona.edu/node/335
- Phishing Alerts: security.arizona.edu/phishing_alerts
- Report a Phish: security.arizona.edu/content/report-phish