Cyber threats -- Stay alert!

Per our Office for Information Security:
We are seeing some targeted phishing scams in recent days where scammers are sending malicious Google Forms to users in order to collect their Names, Email addresses, Passwords, and Phone numbers. The most recent scams were sent from compromised accounts in both the VCU and VCUHS communities.

We believe the attackers are calling people pretending to be IT support, and tricking the target to provide them with their username/passwords, and DUO Mobile codes. If anyone responded to this scam, the likelihood that the scammer will call them to request information is very high. Please remember that IT Support will never ask you for your passwords or DUO mobile code. VCU community members should always hang up if receiving such a call and report the incident to their local IT support or infosec@vcu.edu.

Also related, we are starting to see job scams now targeting incoming students. So far, these scams are also using malicious Google Forms for information collection, and the scammers will usually pretend to be a professor looking for “research assistants” in order to trick incoming students into cashing fraudulent checks.

Here are things to look out for:
If anyone asks for your personal phone number or personal email so they can communicate with you “offline”, then there is a good chance that this is a scam.

If you receive phone calls from “IT support”, and the person is asking for your username, password, and/or DUO mobile code, then it is definitely a scam. You must not share this information with anyone, as sharing this information will lead to account compromise.

Be aware of malicious web forms, including Google Forms, and never enter sensitive personal information, especially login credentials or DUO mobile codes, into them.

Businesses will not offer you a job without a proper interview and evaluation. Scammers love to target new and existing students as they return to school with these job scams. Falling for these scams can mean the loss of thousands of dollars.

VCU has received advisory alerts from multiple sources indicating an elevated risk of cyber threats at this time. The threat actors are believed to be utilizing targeted phishing attacks to gain unauthorized access to large IT systems.

As a result, please be advised to stay extra vigilant and alert, and take the following precautions in the upcoming weeks:

1. Be aware of the following Tactics, Tools, and Procedures (TTP) used by some of these adversaries:

• The use of fake personas by the threat actors, pretending to be assistants to executives and researchers.

• Use of traditional email, as well as WhatsApp, SMS, and other alternative communications mechanisms.

• Use of fake Gmail or Microsoft login pages (Some actually hosted on Google Sites), as well as fake Google Meet or other virtual meeting invitations designed to steal credentials from victims.

• The use of Generative Artificial Intelligence (GenAI) tools in the creation of these phishing campaigns is generally free of spelling or grammatical errors.

2. Please take the following precautions when handling emails, texts, or other communications:

• Proceed with extra caution in dealing with inquiries from external researchers, executives, or other external individuals. When in doubt, check with your IT support unit or infosec@vcu.edu.

• Be extremely cautious of meeting invites from external parties, especially those from individuals you do not know.

• Be cautious of links in emails; hover over links or tap and hold links to reveal their destination. Please be advised that some malware or phishing websites can be hosted on legitimate services like Dropbox, X, or Google Sites. When in doubt, check with your IT support or infosec@vcu.edu.

• Be cautious when unknown individuals reach out to you via social media or text message platforms, such as SMS, WhatsApp, LinkedIn, or Telegram. Be especially cautious if they send you links or meeting invites, or ask for any proprietary information.