Phishing Emails from Harvard Email Accounts

What Happened?

A targeted phishing campaign was discovered yesterday, July 5, which used compromised Harvard email accounts to send messages to others within the Harvard community. The message provides a link to a “shared file” that will require login to access it. The objective of the attacker was to gain access to more Harvard email accounts by recording and using these login credentials. The message comes from individuals known to the recipient, although the content is generic and not expected.

The look of the phishing email

 

What Is the Risk?

Since the messages originated from within Harvard, our inbound email filters are not examining these items for suspicious links and content. Once reported to us, we are blocking access to the links from campus, but the links used within the messages continue to change. If you clicked the link and provided login credentials, then the attacker has the ability to access your email account and send messages or view and delete other messages there. If you believe you provided your password in this scheme, you need to change your password immediately. Go to https://key.harvard.edu and click the “Recover/Reset Password” link near the bottom of the page and follow directions there.

 

What Can I Do?

Email scams leveraging compromised accounts are less frequent and tougher to spot than mass messages from external accounts, but the standard few small actions can help keep you safe.

Click Wisely: Only open files or click links in messages from people you trust, and that you were expecting.

Report Phishing: If you receive a suspicious email, forward it to phishing@harvard.edu. This helps us protect you, and everyone at Harvard.

Go to the Source: If the message seems odd, but you’re still curious to find out more- close the email and visit the official website directly. For unexpected or out-of-character messages sent from people you know, contact the sender outside of email to confirm that the message is authentic before clicking or opening anything.

 

To check files shared with your Harvard University issued OneDrive:

1) Access OneDrive from the link at https://mso.harvard.edu
Select OneDrive

2) At the homepage, click the link for “Shared with me” near the upper left-hand corner of the screen.

Shared with me

 

 

See also: Security Alerts