UPDATED (4/28/2020): A new variation on this phishing theme in these days of remote meetings is an email that invites you to a Zoom meeting with HR to discuss a matter important to your employment (first quarter review, personnel issue, contract termination, any job situation that would immediately raise your anxiety level). As usual, the grammar is poor and word choice is unusual for American English speakers.
The Zoom link in the email will bring you to a fake Zoom login page. It is so fake that it will explicitly ask you for your organization email username and email password. There’s no reason Zoom would ask for this information. A real Zoom login page would have a link to sign in with your organization’s credentials, but it does not call them “email username” and “email password”.
Be very careful out there and think before you click. If you need to confirm a suspicious meeting with HR or anyone else, please call or email them directly. Don’t click on the link without confirming!
A common phishing email that recently has been increasing in frequency tries to convince you a complaint has been lodged against you, and that the police have been contacted. Other versions of this same phishing theme have mentioned docking your salary because of the complaint..
The emails seen here at Berry were simple, with poor grammar.
This is the text of the email
, good afternoon
We received a client complaint #2/691 on you in Berry College.
Complaint forwarded to local police department
Notice the comma at the front of the first line. This indicates that the phishers tried to mail merge these and failed or simply used a mail merge template, as there should be a name in front of the comma. Again, the grammar is terrible and the “#2/691” in the email is a link that might be tempting for you to click to see who complained about you. Don’t!!! The email came from an external email address, not from within the Berry email system as would be expected if this were real.
Other version of this phishing email purports to come from a “corporate lawyer” who “tried to reach you” but couldn’t. It asks for a time when can you be contacted and also provides a helpful and tempting link to review the complaint.
This is not how Berry does business, of course, and it should be obvious that this is a phishing email.
If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup take only a few minutes. Make your request by emailing firstname.lastname@example.org to tell them you want MFA!
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted.