Screenshot of malicious email:
In late August, 2021, a credential harvesting campaign was seen at DePaul, sent out from compromised University email addresses.
The malicious email encourages recipients to click on a link and enter their credentials into a phishing form, in order to "review a document". The phishing page will attempt to harvest the credentials of the victim through an Excel form hosted on a non-Depaul website.
Some indicators that this email is malicious:
- An attempt to create a sense of urgency
- Unsolicited contact from a random University account
- Failure to provide any contextual information about the "document" in the body of the email
- Links to non-DePaul websites (remember to preview links by hovering over hyperlinked text)