In recent days the UWM Information Security Office has discovered a new phishing campaign that involves the use of SMS/text messaging. This campaign is especially risky because it targets users with the intention of compromising their Multi-factor Authentication (MFA), to gain access to user accounts.
What is SMS Phishing?
SMS-phishing uses social engineering to leverage your trust to steal your information but, unlike more traditional email-based scams, SMS-phishing utilizes text and mobile messaging services such as WhatsApp and iMessage, to defraud victims.
Current Strategy used by Scammers
The new campaign is targeting UWM accounts utilizing email AND SMS/text phishing. This starts with sending an initial job scam phishing email that contains a malicious URL. When clicked, this link takes you to a Google Forms page, which asks for several fields of personal information, including a phone number and UWM account password.
Once the form is filled out and submitted, the scammers attempt to contact you via SMS/text message to continue the scam and get through MFA. The scammer will first try to log into your UWM account and utilize the SMS/texting authentication method. They will then text you regarding your account’s “termination” and request that you reply to them with the authentication code that was sent to your phone. Once you send them the code, it will allow them full access to your account.
It is important to note that UWM will NEVER ask you for your password or confidential information through email or SMS/text. Be aware of all “account” and “termination” emails.
Tips & Resources
- NEVER click a link sent from an email address or phone number that you don’t recognize.
- If you receive an email or SMS/text message that has a sense of urgency or claims that your account will be terminated, it is best practice to verify with a reliable source before providing any personal information.
- If you are unsure of the validity of an email or SMS/text message, do not respond or click anything; Contact the UWM Help Desk for assistance.
- For more information on different types of phishing please read our recent IT news article.
- All information on phishing and other cybersecurity topics can be found on our webpage: uwm.edu/cybersecurity.