Home / Announcements / Security alert: Beware of phishing attacks targeting your credentials and MFA tokens

Security alert: Beware of phishing attacks targeting your credentials and MFA tokens

ITS-icon-for-InsideNC.png

A message from the IT Security Office:

We’re seeing an increase in sophisticated phishing attacks targeting our community. These attacks aim to steal your username, password, and even your Multi-Factor Authentication (MFA) tokens.*

How the attack works:

  1. Convincing appearance: In the example shown below, the emails appear legitimate, use official logos, originate from official email addresses, and have a normal subject line. However, the message originates from an unfamiliar contact and also contain a suspicious looking link and attachment.
  2. Fake authentication pages: If you click that link, you will be redirected to a website that looks like the college’s official login page but is actually fake.
  3. Credential theft: When you enter your username and password on these fake pages, attackers capture your credentials.
  4. MFA token compromise: The fake site may then prompt you for MFA authentication. If you approve the request, the attackers will steal your MFA token, gaining temporary but full access to your account.

What you can do:

  • Think before you click: Always verify the sender’s email address and check the URL of any link before clicking.
  • Verify the address bar: When you visit a login page, you need to verify the domain in the address bar before entering your username, password, or MFA token. Attackers often use slight misspellings or extra characters in the URL to trick you into thinking it’s a legitimate site.
  • Be cautious with MFA requests: If you receive an unexpected MFA prompt, do not approve it–this could be an attacker trying to access your account.
  • Report suspicious emails: If something feels off, don’t click any links or approve any MFA requests–report it to our IT department immediately using the reporting button.

Staying vigilant is crucial for safeguarding not just your account but also the security of our whole community. Remain cautious and stay safe!

Best Regards
ITS Security Office
[email protected]

*An MFA token is a temporary code used for verifying the two-factor authentication after you enter the username and password. It can be generated by an authentication app, sent to your phone through SMS or voice message, or provided by a hardware device.

Share this article

PinIt