Screenshot of malicious email:
On November 5th, 2021, covid-themed phishing emails were sent to some DePaul Univeristy inboxes from non-DePaul email account(s). A majority of these emails were filtered.
The malicious email attempts to trick victims into clicking/opening a malicious attachment.
The attachment is an HTML file, which is set up by the malicious actors to harvest the credentials of victims. The credential harvesting attachment uses some Microsoft and DePaul logos in an attempt to make it look more legitimate.
It is always important to remain vigilant when handling email, even when it appears to come from a DePaul email address or other official looking email address or identity/name. Email addresses and login portals can be spoofed and imitated. Compromised email accounts (e.g. a DePaul email account owned by an individual that fell for phishing) are often used to target the community. Keeping your DePaul account secure helps keep the entire community secure.
Some indicators that this email is malicious:
- An attempt to create a sense of urgency (covid results are seen as important and something users would want to click on immediately)
- A suspiciously named attachment
- Impersonation of DePaul in the "From" field
- A lack of contextual information in the body of the email
Anyone who has entered their credentials into this scam should immediately change their password and report the incident to security@depaul.edu.