GILLETTE, Wyo. — Many University of Wyoming faculty, staff and students fell victim to phishing emails March 22, University of Wyoming reported in a campus-wide email this afternoon.
On Wednesday we had many faculty, staff, and students fall victim to phishing e-mails. After providing their UW login credentials to outside attackers, several UW individuals also approved duo two-factor authentication requests from the attackers and granted them access to UW resources.
In this instance, it was fortunate that the attackers only accessed the UW E-Mail system. Three emails were sent out from the compromised accounts; two indicated your passcode on office 365 expired and had a link to “keep same password,” and the third was a work-from-home scam message. Because the emails came from authenticated UW user accounts, they did not have the red box warning banner identifying the message as originating from off-campus. This further tricked several UW users into replying to the scam message.
The University of Wyoming will not request your account information through an emailed web-form. You should never give your account information (including username, password, and phone number) through a webform in email. The form used in Wednesday’s attack had a message warning, “Never submit passwords through Google Forms,” The warning was located directly under the “Submit” button.
For some users, the scammers also requested a phone number. In some cases, the scammers used this phone number to coerce users to accept a two-factor authentication request via the “call” option. They sent a text message to the users indicating that if they did not accept the login request that their account would be disabled.
Whenever you receive a duo authentication request when you are not actively logging in, DENY the login. After you have denied the login you should immediately change your UW password and report the incident to UW IT.We would like to remind users that if you respond to a phish and approve a two factor authentication request, you are responsible for all the actions attackers take while using your account.
UW community members who are concerned about the legitimacy of an email should contact the IT Help Desk before clicking on the link. They can call 307-766-4357, option #1, or email firstname.lastname@example.org.
UW didn’t immediately respond to request for comment.