Why?

Information Security has identified this phishing scam being sent to WPI.edu email addresses. IT and Information Security will never send you a notification that your password or multi-factor authentication must change without prior warning. 

Action Needed

If you received this message, DO NOT reply, scan the QR code, click any links, open any attachments, or provide any personal information. If your account was compromised by responding to this message, please work with the IT Service Desk and Information Security teams to regain access. Any time that you receive a suspicious email, please forward it as an attachment to phishing@wpi.edu, or use the report button in Outlook and delete.

Details

This is the latest phishing email that circulated within the WPI community. 

Please note:   

WPI IT would not send an email insisting that your password or multi-factor authentication must change without prior warning.

The phishing attempt contains:

Sent: Beginning Friday, October 27

Subject:  [EXT] Re-Authenticate

Sender: The email originated from @go.com.sa

Body: Attempts to lure you to scan the QR code by claiming your multi-factor authentication (MFA) is going to expire today.

Please note the following characteristics of phishing in this message:

1. Subject includes [EXT] which indicates the message originated outside of WPI. 

2. Sender indicates the message is from Microsoft, but @go.com.sa isn't what Microsoft uses for their email addresses. 

3. Outlook warns "You do not often get email from noreply_2fa_authenticator@go.com.sa."

4. The message claims that your multi-factor authentication expires today. However  passwords and multi-factor authentication with the Microsoft Authenticator app never expire.

5. Do not scan the QR code because the subject, sender, Outlook warning, and message content indicate this message is suspicious. 

Image of email message; contents described in Details.