Cybersecurity Notification | Phishing Attacks from Compromised Accounts
UK Information Technology Services (UK ITS) would like to inform students, faculty, and staff of multiple, coordinated phishing attacks using internal compromised accounts.
What do these attacks look like?
These phishing attacks are coming from legit UK email addresses (compromised accounts). They include attachments or links that request information from the recipient. This morning, over the course of two hours, there were eight distinct campaigns with varying subject lines (e.g., $1000 PAY).
What is causing these attacks?
These attacks appear to be targeting students as a result of gaining SMS codes and through push notifications as a form of multi-factor fatigue (MFA fatigue) attacks. MFA fatigue attacks happen from threat actors repeatedly sending push notifications in hopes that the target will grow fatigued and verify their identity-- allowing the threat actor in.
What is the best response to these attacks?
UK ITS recommends reporting these attacks as phishing via the Report Message button in Outlook or Google. See How do I report spam and phishing emails? (service-now.com) for step my step instructions on how to report phishing.
Following this process ensures our cybersecurity tools and team are able to work efficiently to mitigate these attacks. Forwarding these phishing attacks to other inboxes, including cybersecurity@uky.edu, is not necessary. The Enterprise Cybersecurity team reviews all submissions sent via the Report Message button.
UK ITS appreciates your assistance with informing others of using the Report Message button and your support in making mitigation of phishing attacks by the Enterprise Cybersecurity team faster and more efficient.
How can I prevent falling victim to these types of attacks?
-
Check the web address before entering credentials or MFA codes
-
If you are unsure if the push notification was initiated by you, deny it, mark it as suspicious, and immediately change your password
-
If using SMS texts for Two-Factor Log-In, follow the steps in How do I switch from an SMS text message device to a smartphone for Two-Factor Log-In? (service-now.com) to utilize the Duo app for authentication.
-
Review What to Do if Your University of Kentucky Account Has Been Compromised (service-now.com)