Don’t Get Hooked: Protect Yourself from Credential Harvesting Scams
January 10, 2025
Credential harvesting, sometimes called credential theft or compromise, is a serious cyber threat that can cause big problems. Unfortunately, it’s also very common—studies show that over 79% of business accounts have been targeted by attackers using tactics like credential phishing. University of Alaska is no exception.
What Is Credential Harvesting?
Credential harvesting is an attack that tricks a user into entering their credentials
into a fraudulent form, which is often designed to imitate a trusted login page. The
form link is often delivered via email or text, but could also be delivered via a
malicious QR code.
Once the attacker has the credentials, they usually attempt to use them almost immediately.
If the account is protected by MFA, the affected user will be alerted by their chosen
method, and can deny the request. If the attacker gains access to the account, they
can do everything that the authorized user is able to do.
How Can You Tell?
The signs can be subtle, but once you recognize a phishing attempt you can avoid becoming
a victim. Here are some tips on how to spot a phishing email:
- Contains an offer that’s too good to be true
- Language that’s urgent, alarming, or threatening
- May contain strange wording or misspellings
- Greetings that are ambiguous or very generic
- Requests to send personal information, including passwords
- Urgency to click on an unfamiliar hyperlinks or attachment
- Strange or abrupt business requests
- Unfamiliar sender masquerading as an alaska.edu account
Protecting Yourself and UA
If you use Google Mail in the web client, please report these emails as phishing (instructions here: https://support.google.com/mail/answer/8253?hl=en). Alerting Google in this manner helps keep emails like these out of inboxes, as well as sending a notice to the OIT Security Operations team for further investigation.
Outlook user? Submit a Junk > Phishing report to mark these emails as dangerous.
As always, contact your local Service Desk if you need assistance!
UAAReport Security Issueor call 907-786-4646 |
UAF & SW (OIT)Report Security Issueor call 907-450-8300 |
UASReport Security Issueor call 907-796-6400 |