Be Aware - Phishing Attacks from Trusted Senders

Posted:

Campus:

Dryden
Greenstone (Longlac)
Lake of the Woods (Kenora)
...

In the past week Computer Services has recently seen several phishing campaigns sent from compromised email accounts at trusted partner organizations targeting Confederation College employees. 

This type of phishing attack is particularly dangerous because it can be difficult to spot. Since the email comes from a partner organization, you are more likely to trust it – you may even have been expecting to receive an email from them. 

If you are unsure about the legitimacy of an email, use the “Report a Phish” button in Outlook or forward it to [email protected] or call Computer Services Help Desk at 807-473-3884 for assistance to confirm if it's legitimate.

Below are some actual examples of phishing emails that have been received recently, as well as indicators of what to look out for. 

Phish Example 1

Phish Example 2

Phish Example 3

Phish Example 4

If you had clicked on a link in one of these emails, you may have been taken to a “sign in” page like the below: 

 

Phish Example - Sign In Page

Although this page looks identical to the real Microsoft sign-in page and is even secured with “https” and the padlock icon, notice the address at the top – this is not a legitimate Microsoft sign-in page. 

 

Please be aware and extra cautious as these types of phishing campaigns against Confederation College with legitimate compromised accounts has been on the rise.

Share