CSIT has received many reports this morning of a wave of phishing scam messages reaching NWU mailboxes. The widespread nature of the attack suggests that an alert to NWU account holders is appropriate.
This morning’s phishing attacks originate from a variety of compromised NWU accounts and, so, escape some email filters designed to stop scam messages. The messages also use a variety of Subject line texts included “Invoice,” “Requested invoices,” “Documents,” “Attachments,” and “Statement” among others. In each case, however, the body of the message is the same. The message claims to be providing the recipient with links to an account statement and invoices and advises that the linked documents must be unzipped for review. The links lead to a site where the malicious documents can be downloaded.
IF you have received such a message this morning, please delete it immediately and do not attempt to follow the embedded links. If you have already followed these links and downloaded anything from the site, we recommend scanning your computer immediately for any potentially malicious software or files which may have been part of this exploit.