Cybersecurity researchers are tracking an increase in attempts to steal credentials from students and staff at colleges and universities. Proofpoint is reporting that criminals are using COVID-19 and Omicron as themes in phishing emails. Leveraging current events is a common method bad actors employ to distract users from their attempts to gain malicious access to personal information. Universities across North America will likely see an increase in these phishing themes over the next few months.

Theme Based Phishing Campaigns

According to Proofpoint, recent phishing emails contain malicious attachments or links to pages that “look like” (spoofed) actual university login pages and/or generic Microsoft Office login pages. The subject line used by cybercriminals to lure users into taking a specific action will typically combine urgency, with a theme that students and staff have become accustomed to seeing over the recent weeks and months. Use caution if you see subject lines similar to the following:

• Attention: Action Required Regarding COVID-19 Omicron Variant
• Your COVID-19 Omicron Variant Enclosed
• Staff Requirement: Sign Up for COVID-19 Omicron Variant Testing

In some cases, researchers are seeing attempts to steal multi-factor authentication (MFA) credentials with pages that, in appearance, look like Duo login or token pages. Be suspicious if you receive an unusual request to “log in” or enter a Duo token. Keeping this second layer of security protection safe can “prevent up to 99% of attacks on your accounts“.

As always, the ITS Helpdesk (X4357 or help@wlu.edu) is available to assist with any uncertainty in messages you receive.