Skip to main content

On December 16, Dennis Schmidt, Chief Information Security Officer, sent out this formal notice asking campus to be super vigilant against increasingly sophisticated cyber criminals.

This week our campus was targeted by phishing attacks using a radically different and alarming approach. These attacks have already fooled campus members into giving up credentials and putting at risk their personal information and the University’s information.

illustration of a hacker behind a transparent OLED screen displaying connected, triangular shapes
Cyber criminals are sending malicious links through shared Google docs

Phishers are sending malicious links through shared Google docs. The phishing message is a legitimate email from Google announcing a shared document. The request for your credentials comes from the shared document, not the email. At no point should you log in or authenticate with your Onyen for file shares from external vendors like Google or Yahoo. If you fall victim to their request, you could be granting phishers full access to your account.

Ways to protect yourself

  • If you receive an unexpected message from Google or any other file-sharing service such as Dropbox or Yahoo saying somebody is sharing a document with you, be very suspicious. If you know the person or entity, contact them via a separate known email address to confirm it is legitimate. If you don’t recognize the sender, do not click on the link
  • If you are asked to provide your Onyen credentials while reading your email, do not enter them. There’s no reason you would be required to log in again. Besides, Google would not ask you for your Onyen credentials.
  • If you receive a multifactor authentication (MFA) prompt that did not arrive immediately after you logged in — even a delay of more than a few seconds, do not proceed. Legitimate logins generate MFA prompts immediately.

Phishers work overtime during holidays

We need to increase our vigilance over winter break and the holidays because phishers will likely increase their attacks. Don’t blindly log in when asked. If you are unsure of a situation, contact the ITS Service Desk. Also, if you suspect a message is phish, hit the Report Message button on your email menu to help prevent others from becoming victims.

Have a great — and safe — holiday break!

Comments are closed.