Phishing Email Targeting Missouri State Users - Information Services

Information Services

Phishing Email Targeting Missouri State Users

by

Phishing message requesting Login and Password dangling from a phishing hook over a laptopSeveral Missouri State students, faculty, and staff members have received phishing emails falsely claiming that an issue with two university Office 365 accounts must be resolved.

The form linked from this email attempts to collect usernames and passwords, as well as phone numbers used for multifactor authentication (MFA). Some Missouri State users have reported receiving text messages or phone calls after providing this information, with the goal of convincing them to provide an MFA code or approve an MFA notification.

Neither Missouri State nor Microsoft will ever call or text you requesting an MFA code or that you approve an MFA notification. If you receive such a call or text, please notify InformationSecurity@missouristate.edu.

Phishing email example:

Subject: E-Mail Portal Login Our records indicated that your Office-365 has two different logins with two universities portals. Kindly indicate the two info logins as soon as possible. To avoid termination within the next 72hrs and to also prevent loss of all emails associated with your account, we expect you to strictly adhere and address this. We will process your request shortly. If you have only one college account, fill in the correct user and password and submit but if you are in a dual credit college, fill in the correct username and password for both schools and submit. If you have no knowledge about the request process, kindly update to cancel the request below. Cancel The Request Thank You ©Microsoft 2022

You can protect yourself from phishing messages by avoiding clicking links in emails you don’t expect, being careful where you enter your username and password, and reporting anything suspicious to InformationSecurity@missouristate.edu.