[ skip to content ]

Phishing Alert - recent attacks

Recent email phishing attacks at ODU have used a few ways to either scam the user, to steal credentials, or to deliver malware.  


SCAMS:  Recent scams have included some form of email impersonation, using the name of a trusted associate at ODU, or using a topic designed to evoke an emotional response, such as a claim of an incorrect charge to a credit card or account.  Once the individual responds, they may either buy some gift cards or be lured into a phone support scenario in which the scam is played out.


CREDENTIAL THEFT: Recent attacks use SharePoint or other familiar login pages, including ODU’s Office 365 or ODU’s MIDAS/Monarch Key login page to trick the user into entering credentials.  Once entered the credentials have been stolen.  


MALWARE:  Recent attacks use SharePoint files to host phishing links, inserting the malicious SharePoint link into a file rather than the email itself in attempts to bypass Office 365 built-in security protections.


Phishing attacks are designed to be visually indistinguishable from work-related emails that appear safe or are designed to evoke an emotional response before taking the time to notice the tell-tail signs of a phishing attack.


Here are some best practices to protect yourself from recent phishing attack techniques:


1.     Be skeptical of any email subject line that capitalizes on buzzwords for workplace stress, like URGENT or ACTION REQUIRED, or that claim to make a large charge to your account, or that urge action on an emotional topic.

2.     Be suspicious of URLs in the body of the email or in an attachment.  Type in URLs to trusted websites versus clicking on links that may mask the true URL destination.

3.     When presented with a login page, look at the URL to see if it is actually hosted by the service it is asking you to log into. If the URL looks unfamiliar, take precaution before proceeding.

4.     If you receive an unexpected or uncharacteristic email from someone at your organization, contact them to ensure they actually sent it, especially those that ask if you are available for an urgent request.

5.     If you enter MIDAS credentials, then realize it was a mistake, change your MIDAS credentials immediately and inform the IT Security Office via ITSHelp@odu.edu.

6.     Use Two-Factor Authentication to protect your personal and ODU accounts.

7.     If you receive a two-factor prompt, but you are not logging in to an ODU application, DECLINE the prompt.  This is likely an indication that your account is compromised and you need to change your MIDAS password.


For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing.  Thank you for your continued diligence in maintaining a more secure ODU computing environment! 


J. Douglas Streit, CISSP 

Executive Director & CISO 

IT Security & Planning 

Information Technology Services 

Old Dominion University 



Posted By: John Streit
Date: Sun Aug 29 06:35:27 EDT 2021

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.