Scr
eenshot of malicious email:
On January 18th and 19th, 2022, an email purporting to come from HR and containing important information was sent out to the DePaul community from compromised DePaul University email accounts.
The email requests you login to view the documents. The link takes you to a non-DePaul website where the victim is asked to login. The credential harvesting website requests username and password.
It is always important to remain vigilant when handling email, even when it appears to come from a DePaul email address or other official looking email address. Email addresses and login portals can be spoofed and imitated. Compromised email accounts (e.g. if a fellow DePaul community member fell victim to phishing) are often used to target the community. Keeping your DePaul account secure helps keep the entire community secure.
Some indicators that this email is malicious:
- An attempt to create a sense of urgency and importance
- A link to a non-DePaul website
- Impersonation of DePaul department
Anyone who has entered their credentials into this scam should immediately change their password and report the incident to security@depaul.edu.