While the trick and treaters were out collecting candy, cyberattackers hit the campus looking for their own treats…MRU login credentials. Over a thousand emails flooded campus inboxes. While the email subjects were varied, the contents were the same.

 

 

This email has two big red flags; the generic sending email address and the link that goes to a Jotform. While Jotform is a legitimate service used to create forms, much like Google forms, the use of the form was far from legitimate.  If you clicked the link you would be told that to access the pending emails, you would have to enter your MRU email credentials into the form. Once you do, the attackers have your credentials.

Of course as MFA is enabled on your account, they can’t just enter your stolen password and gain access to your email. They need to by pass the MFA. The most popular method at the moment is to bombard you endlessly with MFA prompts by repeatedly signing into your email. The hope is, you will get tired of being prompted and just tap, Yes it is me, just to get them to end. Some people finally give in.

I am proud to say that once these emails hit inboxes, the cybersecurity email was flooded with reports. Many of those reports included appreciation for the cybersecurity awareness training that prepared them for the attack.  Well done everyone!  Well done.