The latest phishing email looks to be coming from an LUC email address that appears to be compromised. Notice the misspelling of the work administrator and the poor grammar in the second sentence. These phishing emails tend to occur more frequently at the beginning of a semester and are more likely to target new students and faculty. Be aware of “MFA Fatigue”. This happens when someone falls for a phish and provides their password. The attacker will then continually attempt to log into the account causing the victim to get repeated push notifications. The victim gets tired of all of the notifications and finally clicks “Accept”. The University Information Security Office recommends that if you receive a push notification that you do not expect, to ignore the notice. They should eventually stop as hackers tend to look for low hanging fruit and will move on if they don’t get a response quickly. Although convenient, the best way to prevent this is to not use push notifications and change your MFA preferences to “Authenticator App or Hardware Token Code”. When using this method, you will need to open your authenticator app and use the 6 digit code provided by the app. For instructions on configuring MFA preferences, go to Multi-Factor Authentication: Information Technology Services: Loyola University Chicago (luc.edu) from any browser.
From: REDACTED
Sent: Saturday, August 20, 2022 12:21 PM
Subject: Urgent Warning
Our record indicates that you recently made a request to terminate your Office 365 email. And this process has begun by our administrat made accidentally and you have no knowledge of it, you are advised to verify your Account
Regards
Office365 Security Dept