Tuesday morning was an exciting one for the security team. Over 900 inboxes received the following email.
I am delighted to report that a huge number of you were superheros and forwarded the email to firstname.lastname@example.org. Thanks to you we were able to block the target page and limit any damage. Even though so many of you spotted the email as a phish right away, with the high number of recipients Marketing and Communications made the unusual decision to issue a campus wide alert.
While we were investigating the incident, we discovered that the attacker spent a lot of time viewing our Payroll webpage. There is an excellent chance that the attacker will use this information in the near future to create another phishing email.
We are asking everyone across campus to keep an eye out for payroll or HR related phishing emails in the next little while. If you receive an email that appears to come from HR or Payroll, please check the email address for accuracy. If it is correct, please call the sender to confirm that they actually sent the email.
Should you find the email to be malicious, do what your colleagues did this morning and forward the email to email@example.com. You too can be a superhero!