Summer offers no relief from email scams


CSIT has received a number of reports of a new email scam reaching NWU mailboxes.  This particular scam is a variant of one we have seen previously, though not recently.

The scam presents itself as a message from a secure document management site, informing the email recipient that a document - shared with them by a colleague - is waiting for them.  The message includes a link to the shared document.  The link points to a bogus web site which presents the user with a screen scrape of the Microsoft Office 365 logon page and prompts for the users password.  Were  you to enter a password, the site would redirect your browser to the real Office 365 logon page, encouraging the assumption that the password had been entered incorrectly.  In fact, the password will have been added to a database of compromised account information, along with the associated username.

In fact, of course, the message does not originate from a secure document management service.  Nor is it consistent with the document sharing notifications which might be generated by Office 365 when a colleague really shares a document with another Office 365 account.

Please continue to be cautious in your handling of email message as we move into the summer months, particularly with following embedded links in email messages.  Thank you.