Protect Your Password: Phishing and Impersonation Attempts on the Rise

This week, a chain reaction of phishing attempts targeted official WFU accounts. The phishing emails lured the recipient with an invitation to a “collaboration document” that was very convincingly branded. However, upon closer inspection, the URL was not as expected, nor was the sender’s email address. 

Hackers used publicly available information to target WFU users with messages from what appeared to be Wake Forest executives in their departments to a phony “collaboration site” where the hackers could then capture WFU email passwords and Google MFA (Multi-Factor Authentication) codes. Once the accounts were compromised, they were used to send out a second wave of phony job offer emails to additional WFU accounts. 

As a reminder, never share your password or Multi-Factor Authentication code. 

Some key tips to remember to help spot a phishing attempt: 

• Be wary of any email asking you to redirect messages to a personal email
• A legitimate site or email request will NEVER ask you for your WFU account password or Google MFA codes. 
• If something seems off in an email, call the individual the email claims to be sent from to verify its legitimacy. 
• Check with help@wfu.edu or infosec@wfu.edu to review the message and guide you on its authenticity and security.  

If you ever receive a suspicious email, remember that you have the power to protect yourself and others. Please report it immediately by forwarding it to infosec@wfu.edu. Your vigilance can make a difference in our collective security.

We can all do our part to protect Wake Forest from cyber threats. Have you seen any new phishing or cyber scams recently? Help the team with awareness, or send any questions to the Information Security team at infosec@wfu.edu.