Many students, faculty and staff received an email last week from someone claiming to be a Marquette student who was soliciting pet sitters.
This solicitation was deemed fraudulent and ITS took the following action immediately:
- ITS identified a compromised user account that was sending an Office365 (O365) phishing message to approximately 6,000 campus mailboxes.
- ITS reset the user password, logged out the O365 session and purged the emails from inboxes.
- Using indicators of compromise from this incident, ITS found an additional 120 accounts that were compromised.
- ITS reset the user passwords and logged out any O365 sessions.
- ITS then identified a second user account that was sending a similar phishing message to 6,000 more campus mailboxes.
- ITS reset the user password, logged out the O365 session and purged the emails from inboxes.
- Using indicators of compromise from this incident, ITS found an additional 180 accounts that were compromised.
- ITS reset the user passwords and logged out any O365 sessions.
- While ITS was remediating these two issues, five of the compromised accounts began sending 30,000 “pet sitter” emails to campus inboxes.
- At that point, ITS disabled all accounts involved, reset passwords, logged out any and all sessions and re-enabled accounts.
- ITS was able to delete all “pet sitter” scam emails.
ITS has since set up several mechanisms to report on further fraudulent solicitations and has been resetting passwords and logging out sessions as they become notified of other victims of the scam. MUPD has also been notified about the incidents and has filed a report about the scam(s).
To avoid becoming the victim of a scam, remember to:
- Practice good password hygiene.
- Choose long passwords that are easy to remember, rather than short complex passwords.
- For example “Football season is the best time of year!” is far stronger than “F0otB@lL” due to the length.
- Do not reuse passwords.
- Your Marquette password should not be used for other sites. For example, the LinkedIn data breach resulted in millions of compromised accounts because people used the same password at LinkedIn, Gmail, Facebook, for their work email, etc.
- When available, use multifactor authentication.
- Multifactor authentication will be coming soon for all employees.
- Never cash a check for or give any money to someone you do not know, nor provide someone you do not know with personal financial information.
- Make sure the contact information of the person with whom you are in contact matches the contact information of the organization with which they claim to represent.
- Take caution when responding to email messages, especially if:
- It comes from someone you do not know and have not met before.
- They request communication only via email.
- They request you do not reply with your Marquette email address.