Over the recent week, Cornell and other companies and organizations have been hit with several spearphishing attacks. As you might expect, Cornell is a constant target for nefarious attacks (as are most large institutions), however this one has hit a large number of "Cornell.edu" email accounts. And over the last 24 hours, we've been made aware of several other attacks as well.
What makes this attack particularly challenging, is that the Sender and Subject appear to be legitimate.
However, once the email is opened the content reads something like:
READ THIS MESSAGE (in a clickable banner)
Watch before: Thursday
If you clicked on the banner, you are taken to a page with a legitimate company logo - the one we looked at (safely) had the Xerox Logo with lines requesting our Xerox Login Name and Password.
IF YOU OPEN THIS EMAIL, DO NOT CLICK ON THE BANNER AND ABSOLUTELY DO NOT FILL IN ANY LOGIN OR PASSWORD INFORMATION!
The Computing Center hosts websites and has done so for over 2o years. We're defintely NOT the least expensive, our clients choose us for our security and reliability. We also offer everything that's listed in the article from the FTC.
by Andrew Smith, Director, FTC Bureau of Consumer Protection