(ADVANCE) WARNING!!!
This email below has been confirmed as malicious or fraudulent by the Information Security department. If you have received this phishing email, do not open any attachments or follow the link(s) in the message; simply delete the email.This phishing email is intended to redirect users to a Google form that will harvest their credentials and allow the attackers to bypass two factor authentication. This email is particularly dangerous because if successful, attackers will be able to gain network level access through the use of the stolen two factor authentication code. Below are the red flags:
- Mismatched Email Addresses: The sender’s email address and the embedded email address within the body of the message do not match. The sender’s email claims to be from utsa.edu but is actually from trentu.ca.
- Urgency and Threats: The email creates a sense of urgency by suggesting that the recipient’s account is set for deactivation and requires immediate action. This is a common tactic in phishing to prompt a hasty response.
- Generic Language: The email uses generic language like “Your University of Texas at San Antonio account” instead of personalizing the message with the recipient’s name.
- Suspicious Links: The “Verify Here” link redirects to a Google form that harvests user credentials and bypasses two factor authentication.
