UNMC and Nebraska Medicine personnel and students should be aware of a new phishing attack that several colleagues already have encountered.
Users were contacted by an external sender about a potential job opening at the medical center and clicked on a link. The sender then somehow was able to obtain the username and password of the recipients.
When the med center colleague was prompted for DUO, they “accepted” the prompt and let the outside intruder into their email account. The intruder created some rules in the colleague’s inbox to disguise their actions, and they then sent out a blast of internal emails to get more people to contact them.
Currently, the attacks include “Administrative Assistant Remote Job” in the subject line and are addressed to individuals. The e-mail includes faculty or staff member photos and can appear to be from a UNMC staff member.
“UNMC and Nebraska Medicine would never solicit contract labor like this,” said Lisa Bazis, the medical center’s chief information security officer.
She pointed to several rules that will protect colleagues who may be the victims of a phishing attempt.
- Do not give out your username or password to anyone.
- If you are prompted by DUO to accept a login attempt, make sure that this is an attempt you have initiated. If you didn’t do something to prompt it, deny the request and report the incident to IT security.
- The DUO prompt will tell you where the request initiated, which provides another safeguard. If the prompt was not initiated from your current location, deny it and report the incident to IT security.