
Feb 2025: Truist Bank and Plaid-themed Credential Phishing

Bank Phish Indicators

Threat Alert: Truist Bank and Plaid-themed Credential Phishing

  • A series of phishing messages is impersonating Truist Bank.
  • While the emails appear to arrive from the sender “Truist Bank,” the emails come from the unassociated @IqarusInternational[.]com sender address.
  • The emails claim to contain an important notice and direct recipients to click on a malicious URL. The URL leads to a lookalike Truist Bank login page; it is not a valid Truist Bank page.
  • The lookalike Truist page ultimately redirects to a lookalike Plaid login form, leading to another lookalike Truist Banking page asking for credit card information. 
  • Information provided by the recipient at each stage is stolen.

Key Action: Report Suspicious Emails 

  • Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
  • Be extremely cautious of any unexpected email or text that prompts you to reveal account information. If you need to confirm a claim made in a message, log into your account directly via a known, trusted channel rather than via a provided link. 
  • Report ANY suspicious emails received in your UCSF email box using the Phish Alarm button.
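
The sender mismatch described in this alert (a "Truist Bank" display name on an unrelated sending domain) can be checked mechanically against the From header. The following is an added example, not part of the original alert; the allowlist entry truist.com, the address local parts, and the example.net and example.org domains are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from.
# Populate from your own verified list; truist.com is assumed here.
BRAND_DOMAINS = {"truist": {"truist.com"}}

def refang(text):
    """Undo the [.] defanging used in alerts so the address parses."""
    return text.replace("[.]", ".")

def split_from(from_header):
    """Return (display name, lowercased sender domain) of a From header."""
    display, addr = parseaddr(refang(from_header))
    return display, addr.rpartition("@")[2].lower()

def is_brand_domain(domain, allowed):
    """Exact domain or a true subdomain; 'truist.com.example.net' fails."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(from_header):
    """Return a finding when the display name claims a brand but the
    sending domain does not belong to it; otherwise None."""
    display, domain = split_from(from_header)
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not is_brand_domain(domain, allowed):
            return {"brand": brand, "display": display, "domain": domain}
    return None

# Constructed sample headers (local parts and example.* domains are made up).
SAMPLES = [
    '"Truist Bank" <alerts@IqarusInternational[.]com>',  # pattern in this alert
    '"Truist Bank" <alerts@truist.com.example.net>',     # brand used as a prefix label
    '"Truist Bank" <alerts@email.truist.com>',           # subdomain of the assumed domain
    '"Campus IT" <helpdesk@example.org>',                # no brand claimed
]

def scan(headers):
    """Return findings for every header that fails the check."""
    return [f for f in map(check_from, headers) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print("MISMATCH:", finding)
```

A passing result only means the visible From header is consistent with the display name; it does not show that the message is authentic.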