Duke email users targeted by phishing attacks
Duke email users were targeted by two phishing attacks this week after receiving fraudulent messages that, if the .zip file attachment was opened, installed “ransomware” onto the user’s computer.
The ransomware, called Cryptolocker, encrypts all of the user’s files and then asks the user to pay money for the files to be unlocked, according to the university.
Richard Biever, Duke’s chief information security officer, said the scam is similar to the “Your computer may be infected” message that pops up when visiting a website.
If a person clicks on the link to go through with a “security scan,” another message will say the computer is infected and the user needs to pay money to clean their computer of viruses, Biever said.
This week, the first email had the subject line, "RE: Annual Form - Authorization to Use Privately Owned Vehicle on State Business." A similar message, titled, "Message from Admin Scanner," was sent Friday morning.
Biever said university email traffic that gets caught in the Duke IT Security Office “web” before it gets to the Duke user is comprised of about 85- to 90-percent malicious correspondence, such as phishing scams or viruses.
But even then, the security office receives an alert from users once a week on average about a phishing attempt making its rounds.
This week, there were a few, he said. Next week, there could be none.
Biever said to be skeptical of any email, especially if it’s from an unknown person and comes with an attachment, and always run anti-virus software.