In early December, multiple users reported e-mails purporting to be from a colleague, offering to share a file from Microsoft OneDrive. If the user clicked on the link within the e-mail, they were instructed to logon with their PNW username and password. Upon doing so, the user’s credentials were then passed to the attacker, who began accessing the user’s e-mail mailbox, setting mailbox rules to prevent the user from getting e-mails from Information Services, and deleting all incoming messages. In some cases, those mailboxes were then used to further propagate the phishing e-mail.
As always, we ask that you be diligent when clicking on links in e-mails. If you were not expecting the e-mail, confirm that the e-mail address is indeed from an @PNW.edu e-mail account, and that there is no yellow “External e-mail banner” affixed to the e-mail. Additionally, ask the sender (using their known contact information) to confirm that they are indeed the sender. Lastly, if you have ANY doubts about the legitimacy of an e-mail, forward a copy to ABUSE@PNW.EDU and do not click on any links within the e-mail!
It takes a village to fight against SPAM and Phishing attacks. Please stay vigilant and keep an eye out for these types of phishing emails and report them to ABUSE@PNW.EDU.