Warning: spear-phishing alert informing about mailbox quota exceeded!
The Cybersecurity Team of Masaryk University warns about a spear-phishing campaign in which the attacker attempts to trick employees into revealing their login credentials!
Warning: spear-phishing campaign targeting IS MU login credentials
The Cybersecurity Team of Masaryk University warns of an ongoing spear-phishing campaign aimed at stealing login credentials for the Masaryk University Information System.
What is going on?
We have identified a wave of spear-phishing emails with the subject "1 new meeting message." These emails pretend to be an automated notifications about a new message. However, when clicked, they contain a link that leads to a fraudulent phishing form closely mimicking the Masaryk University IS login page.
Spear-phishing is a social engineering technique that uses psychological manipulation to obtain sensitive information or access secure systems. This method represents a more sophisticated variant of phishing, as fraudulent messages are specifically crafted and sent to particular individuals or groups to obtain personal or sensitive data.
The phishing page is an exact copy of the real one – the main identifying signs are:
- a spoofed URL address -> the legitimate one is always https://muni.islogin.cz;
- a static date and time are at the bottom of the page (the real page always shows the correct time).
What to do?
Spear-phishing messages are designed to appear as relevant as possible to the victim's work, thereby creating a tendency to open and promptly follow the instructions in the message, such as logging into systems, etc. The insidiousness of these messages also lies in their ability to easily blend in with regular work emails. If you receive a similarly formulated message:
If you entered your password on the fraudulent login page, immediately change your primary and secondary password in the IS MU at https://is.muni.cz/auth/system/heslo.
Conclusion
Spear-phishing attacks are an increasingly popular technique among cyber attackers because, unfortunately, they are often successful. If you want to learn more about phishing, we recommend reading the article that details the impact of phishing attacks on MU students.
All necessary information about cybersecurity at Masaryk University can always be found at security.muni.cz.