Phishing Email: Subject = Security alert

July 6, 2017

by UNH Information Security Services

UNH IT has received reports of a phishing email with a subject of "Security alert" and comes from a UNH email address.  

The link in this phishing attack opens a fake UNH branded Outlook Web Access log in screen in an attempt to steal user credentials.   

Additionally, when the link is clicked, a file or files are written to the user's device and information about the cookies stored in the user's browser are collected.  

Users who clicked this link need to take the following steps immediately:

  1. Notify the UNH IT Service Desk at (603) 862-4242 or Information Security Services if the user entered their credentials into the log in screen.
  2. Run an anti-malware scan on the device they were using when they clicked on the link from this email.
  3. Clear the cache on the browser being used when the link was clicked. (Instructions available in the UNH IT KB)
  4. Change the password on any account they have logged in to using that browser.

Linked text in the email is underlined, but all links have been removed.

Email Text


This is to notify you that our system has detected several attempts to access your email account from an unrecognized device.

New login from Chrome on MAC
Thursday, July 7th, 2017 at 05:09 pm.
162.173.05.11
Alabama, United States*

If you don’t recognize this activity,

 we strongly recommend you Review your account to save your current IP in our database.
Otherwise, you can disregard this message. Why are we sending this?

  We didn’t recognize the browser or device you used to log into your email account. 
This could be the result of accessing your account from a new or public computer or
changing your browser settings, but it could also be a sign of unauthorized account activity.

Protect yourself from phishing emails

We will never ask for your password in an email. If you don’t trust a link in an email,
go directly to the normal login page Here
      
Copyright © 2017  • 
Do not reply as this is an automated message.


 

Bookmark and Share

Archive