Beware: Large Scale Phishing Campaign for The Start of the Semester

Beware: Large Scale Phishing Campaign for The Start of the Semester

And so for the start of the semester, there’s a large spear phishing campaign going on just now over academia at the present time. It happened at my own institution around 7pm yesterday, and where there were emails such as:

If you receive one, you should NOT click on it. The subject looks valid, and it’s just a copy from a person’s email list. The link leads to a strange ICU domain:

httpx://message-ogww.securemail1.icu/xxxxx040be6777e38fbxx977e2

It then adds parameters of:

dknLB=
OgWw=ai5idaNlYW0hbkBuYXBlZXIuYWaudWs=
OgWw=zzHgaXvS

Which looks to be some form of tracking. The domain has now been blocked, but users should worry if they receive the email.