In the wake of targeted phishing attacks aimed at Duke faculty and graduate students, Duke’s IT Security Office is warning Duke community members to step up their vigilance in spotting potential email threats.
At least five Duke faculty and students have received well-crafted, individually targeted emails that contained malicious attachments or links. The emails were especially persuasive because they contained references to recipients’ interests and came from legitimate email addresses that had been compromised by the attackers.
The attacks appear to be part of national phishing campaigns targeting non-profit organizations and think tanks, said Richard Biever, the university’s chief information security officer. The nation-state hackers, based in Russia, are believed to have been involved in attacks against the Democratic National Committee and some celebrities.
The IT Security Office offers the following signs to watch for:
1. Message subjects or content about a particular event like the recent election or an area of personal or professional interest.
2. An attachment or link that you are asked to open.
3. Links and content related to legitimate companies or familiar senders.
If you receive a message that you think is suspicious, please email the security office immediately at email@example.com.