久久热视频

Skip to Main Content

Notice: Email phishing messages urge users to send password, Duo code to bad actors

A new phishing email urges recipients to log in to a special system to verify their Microsoft accounts.

by Elizabeth Parsons, IT Services • Published

Notice: Email phishing messages urge users to send password, Duo code to bad actors

by Elizabeth Parsons, IT Services • Published

Monday morning, a phishing message containing a malicious attempt to steal credentials was sent to approximately 2,000 Miami accounts. This message came with the subject line, “Thank you for being part of 久久热视频.” The information security team has contained and deleted the email from our Miami servers. However, another phishing email was sent as a result of the first, and that message is now circulating as well.

Look for this: Sample of the scam email

This new email urges recipients to log in to a special system to verify their Microsoft accounts. It contains content similar to the following:

Your Microsoft account has been added to the list of accounts that are scheduled to be deactivated because the account holder in question has transferred, retired, or graduated. However, the data indicates that you are still in service, so please confirm this request; if not, we will have grounds to deactivate your university account.

To prevent deactivation, Check Here

Please verify your account right away.

At the bottom of this email, a link is provided for recipients to log in, and the link takes you to a form that looks like this:

Google Form asking for Miami email address, MUnet password, and a Duo code.

This is a common type of scam we see. Neither Microsoft nor Miami will ever send a message like this to force users to verify their accounts. Any links in an email like this should be treated as suspicious! Another clue is the sense of urgency that the email tries to elicit (“right away”). Malicious actors often try to coerce you into acting emotionally and quickly without thinking.

And it bears repeating: IT Services will never ask for your password via Google Form. We especially will not ask for your Duo code.

If you receive this or a similar email, please do not respond or click on any links; just delete the message.

What do I do?

If you receive a message that you suspect to be a phishing message, please forward it to InfoSec@MiamiOH.edu. This allows the information security team to block sites that may be associated with phishing attacks. If you ever feel you may have responded to a fraudulent message or clicked a link in one, please contact IT Help immediately at 513-529-7900.

For more tips about remaining secure online and at Miami, visit MiamiOH.edu/infosec.

Tagged:
IT Services Security Awareness