CaTS | Information Technology

Phishing Scam Notice: Old Passwords Referenced in Emails

Phishing scams have taken on a new twist; cybercriminals have recently started using old, exposed passwords from company data breaches in phishing emails.

How Does It Work?

An old password, obtained from a company's data breach, is referenced in a phishing email indicating the user's account has been compromised. Referencing a password that the user recognizes is designed to lend credibility to the phishing email, making it seem more legitimate. A link is provided for the user to log in to what appears to be a Wright State authentication page to get further information. The website is fake, but looks identical to WSU's authentication page. Once the user enters their username and password, they are redirected to the real WSU website. It appears to the user that they must have done something wrong, or typed their password incorrectly. They then log in again to gain access to a real WSU site. Of course, there is no information on the WSU site, since the compromise did not occur on our systems. The user's username and password have now been captured by the scammer.

This is only one scenario; there are many variations that can occur.

It's important to note that CaTS will NOT send a password or ask you to click a link to sign in to our services through an email as described above. If there is evidence a person's account has been compromised, CaTS will contact you directly. If CaTS is unable to contact you, we will change your password to protect the confidentiality of the account.

If you do recognize a password that has been included in the email, CaTS recommends changing the password for that service (e.g., LinkedIn, Netflix, as well as Wright State accounts).

Questions?

If you have any questions or receive an email like this, contact the CaTS Help Desk immediately at (937) 775-4827, or email helpdesk@wright.edu.