Purdue IT is warning Purdue email account users of a recent increase in spear phishing activities.
Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information. In this case, attackers are sending emails from non-purdue.edu email addresses and claiming to be staff or faculty at Purdue.
A few recent examples involve individuals creating email accounts using services such as Gmail with an address, display name, and signature that impersonate Purdue personnel. The attackers then send targeted messages to individuals in the same department requesting information from the recipient.
Purdue IT provides the following to help people avoid phishing attempts:
What can you do to avoid such attacks?
- Don’t be fooled, assess. Don't open attachments or click on any links until you assess whether the message is legitimate — even if it appears to come from a friend, colleague or real name of someone on campus. If you have doubts, ask your area IT representative or contact Purdue IT at 765-494-4000.
- Don't rush. Hackers want you to respond without thinking. Watch out for language that indicates a quick deadline or directs you to download and open an attachment, update an account, visit a website or provide personal information.
- Are there misspellings or typos? An email from a legitimate organization should be well-written. Grammar and spelling mistakes are red flags.
- Report phishing attempts. Suspicious emails to your Purdue account should be reported by forwarding the message to abuse@purdue.edu.
- Change your password. If you ever are concerned that you might have shared your password, change it as soon as possible. Purdue IT also will send an email alert automatically to faculty and staff whenever there is a change to their career account or direct deposit banking information.
- Call for help. If you or someone you know has been a victim of this type of email attack, please contact the Purdue IT Customer Service Center at 765-494-4000 or by emailing it@purdue.edu.
Tips are available at https://phishing.itap.purdue.edu/warning.php to help identify phishing emails.
What is Purdue IT doing?
- Mail Filtering with Impersonation Protection: Mail filtering with Impersonation Protection allows email to be scanned for malicious content, including malware and impersonation attacks. In January, Purdue IT began adding filters to Purdue’s mail system to prevent as many of these types of emails as possible.
- Email Bannering: With email bannering, all inbound email (from non-purdue.edu email addresses and not authorized as a University affiliate) will be flagged with a banner showing the recipient that the email originated outside of purdue.edu: Email bannering is to be deployed to all users no later than August 2022.
- Cybersecurity Awareness Programs: Cybersecurity awareness programs, communications and training efforts are being developed. Purdue System Security recently conducted broad awareness training for the Office of Treasury with plans to deploy various efforts related to cybersecurity training for all staff and students.
- Microsoft Multi Factor Authentication (MFA): This protects against internal email addresses being compromised and then used to send mass phishing emails (i.e. free piano emails). Currently, 70% of faculty, staff and students on the West Lafayette campus have been enrolled; with a goal of 100% enrollment by the end of March.
- Enforcing best practices for authenticated email delivery:
- All email sent from Purdue accounts will be required to use Office 365 (with MFA) or be sent from authorized University networks no later than August 2022.
- In accordance with Microsoft policy, all email clients will be required to use modern authentication protocols by October 2022.