In April, Virginia Tech students and faculty members received emails with attached links that appear to be a form of a Virginia Tech website. These emails are phishing scams to lure PID and password information from students and faculty members.
Mark DeBonis, director of Collaborative Computing Solutions at Virginia Tech, explains that this specific scam is unique as it is a type of “spear phishing” technique that has more background information on its victims. Hackers understand what motivates their targeted audience to click on a link or feel obliged to their email requests.
Included in the email are messages regarding “payroll,” “support01” or Virginia Tech websites asking to update contact information. A link is provided to do so which guides users to a fake website that asks to type in their PID and password followed by directions to use Duo Push. Instructions like “phone will ring” and “click a button after answering phone” will show under the fake website, which is different from Virginia Tech’s actual webpages. Following a button confirmation, hackers now have all of a user’s credentials needed to access their Virginia Tech email and other university websites that require your PID, password and Duo Push.
Victims may be locked out of their Virginia Tech accounts or have spam emails being sent on behalf of their hacked account.
Virginia Tech faculty members are a majority of the victims hurt by this scam. DeBonis estimates about a dozen faulty members, including wage workers, graduate students and staff members, were affected. Redirecting payroll has been reported as the main incentive for faculty to click on the link.
Virginia Tech Vice President for Information Technology Scott Midkiff advises users to be aware of the subtle differences among both webpages. Certain distinguishing features include a different .html name other than vt.edu on posted link. Moreover, while the copyright date on the Virginia Tech website is 2019, the date on the phishing scam is 2017. To further evaluate between a potentially harmful website, refer to https://phishingquiz.withgoogle.com/.
This phishing attack is still currently developing and may appear in your mailbox.