Cybercriminals are sending phishing messages impersonating a person in a position of authority on-campus. This includes deans, department chairs, department directors, and similar roles. In each of these emails what the criminals do is:
- Look through through our faculty/staff directory to pick a department to target
- Find the person in charge of that department (chair, director, dean, etc)
- Send a link to a Google Drive or OneDrive document. The 'share' email mentions the 'name' of that person (and may or may not come from a similar looking email address)
Here's an example. In this case - let's assume that they were trying to send to people within my department, Information Technology Services, and are trying to impersonate our Chief Information Officer. I would have received an email like the following. The red highlights are mine. In the message, the 'from' address is some generic 'it help desk' email address at GMail. The 'name' shown in the bottom of the message is there to make the message look more 'authentic' to the recipients.
They try to impersonate someone here in a position of authority to get people to click the links. This message is actually from Google Drive - it is the contents of that link that are malicious (most likely if someone went to that page they would get a virus, or a link to another site, which asks for people's user names and passwords).
Sadly, these attacks will keep happening as long as the college has its phone/email directory open to the general public (and not restricted to only those with a login).