Our Department of Information Security would like to make you aware of an emerging phishing scam targeting institution’s Outlook quarantine policy. Cyber attackers are using legitimate email quarantine messages to lure users into unknowingly giving up their username and password.

Here is how the phishing scam works:

  1. The attackers impersonates technical support sending fake email quarantine alerts:
    • Users will receive an “urgent” email from the attackers with the following:
      1. From: “Support
      2. Subject Line: “Action Required
      3. Email Body: “Two emails have been quarantined and will be deleted in 3 days if no action is taken.”
  2. Then the attackers embed a link that loads the legitimate business page and applies a fake login box on top of it.
  3. Users will also see a message saying their session has “timed out” and that they need to log back in.
  4. The user then enters their login credentials (username and password) on the fake login field.
  5. Attackers now have the user’s login information and can access their account information.

What can we do to prevent being scammed?

  1. Chapman University no longer quarantines suspicious emails. The means that you will not receive quarantine emails from IS&T. If you do, immediately report it to abuse@chapman.edu.
  2. If you are unsure about the legitimacy of an email, please check the Chapman information security page for status of the latest phish emails at chapman.edu/scams; If you do not see your email posted on the page then please report the email to abuse@chapman.edu
  3. Register for Two-Factor Authentication (2FA). 2FA adds an extra layer of protection that requires users to authenticate their login information via the Microsoft Authentication App or a 6-digit code received via text or phone call. In the event your username and password are compromised, this extra step will block unauthorized users from accessing your account.