UAB IT’s security team is seeing an uptick in phishing reports for malicious emails that are inviting users to “join the party” or “celebrate the holidays with us,” hoping someone will click the link provided.
The goal is simple: Get you to click the link so you could unwittingly install a remote management tool.
If you click the link, you can be prompted to enter your username and password and download malicious content. Then, the scammers have access to your account and have the ability to use it to spread more fake initiations to your network.
“Bad actors are attempting to install remote management and monitoring tools like ScreenConnect, LogMeIn Resolve, or Naverisk,” said Sharmayne Wilson, information security engineer. “These emails may be asking you to join a Zoom call, check on an invoice, or look at a document.”
Here is what to look for with a phishy invite:
- The sender email doesn’t match the official domains above
- The invitation creates urgency
- You’re asked for payment to view the event
- The message feels generic instead of personal
- The site address looks slightly off
“Always check the sender of the invite before clicking on anything,” Wilson said. “UAB virtual invites will come from reliable sources and are contained in an Outlook calendar message.”
If you believe you have a phish, report it by using the “Report Phishing” button native to Outlook or forward the email to