UCSF IT Technology

Cybercriminals have launched Okta-branded phishing attacks encouraging recipients to follow a link to resynchronize their Okta and Microsoft accounts.   Clicking on the link leads to a credential phishing kit that redirects the user to a lookalike Microsoft login page.

Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department.The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.The lures typically direct the recipient to take immediate action regarding an HR assignment or alert by clicking on a malicious link leading to the download of a zipped .url file or downloading a PDF attachment.

Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.

Cybercriminals have launched a series of phishing attacks using spoofed or compromised email accounts belonging to the National Health Service (NHS). These emails, which appear to come from a NHS[.]net email address, use the subject line “YOU NEED TO SETTLE THIS.” A fully capitalized subject line like this is unlikely to come from an official government institution.   The lures contain a prompt to review an alleged DocuSign document.