SECUIRTY ALERT: Phishing scam originating from compromised NWU accounts
Published

Earlier this evening (Wednesday, 9/30), CSIT was alerted to he wide distribution of a phishing scam to NWU mailboxes.  Instances of the same phishing scam message originated from two compromised NWU accounts, bypassing filters which might have otherwise prevented the messages from being delivered.

The phishing messages included the Subject line “Nebraska Wesleyan University Email Verification !!!” while the body of the message pretended to report that the recipient’s email account had been accessed from “another computer” and was therefore suspect.  The message went on to demand that the recipient validate their email by following a link embedded in the message.  It was signed as coming from Nebraska Wesleyan University ITS Help-desk and included a copyright notice.

Cautious reader would recognize in the message bad grammar, random characters in the text and an unfamiliar source for such an alert.  They might also have wondered why access to their email accounts from multiple computers was in itself suspect.  More telling was that the target of the embedded link was hosted on GoDaddy.com and not within the NWU domain.

We have secured the compromised accounts from which these phishing scams originated and have made an effort to remove the scam email from NWU mailboxes.  If you received such a message before seeing this alert and did not act on it, then you need do nothing more than delete the message.  If, however, you followed the embedded link AND entered any information on the web page to which it took you, then please contact CSIT immediately – the security of your NWU account may be at risk.

Thanks to all those who reported this phishing scam and to everyone for your continuing caution in handling your NWU email.