Criminals have (again) devised a new technique to make their phishing attacks more effective. They use the familiarity of Microsoft's Office 365 and the relationship people make with, for example, Microsoft Teams.
It starts with an email that appears to be from a legitimate address. The victim is notified that a voice mail is waiting for him. In most cases, the link is also a legitimate site, but one that has been cracked by the criminals and used for their illegal behavior.
What is striking about this attack is that it seems to be very targeted. Various recipients report that at points along the way, either in the mail or on the phishing page, there is information related to the victim. In most cases, this is information that can easily be found online, such as on the websites of the faculties or on People Pages.
Do not hesitate to contact CERT-UT if you have the slightest doubt about the legimacy of the email. This can be done by e-mail -please send the received mail as an attachment-, or by telephone (+31 53 489 1313).
Currently, we dont have any indication an attack like this has succeeded at the university. Other organisations fell victim as is mentioned on the site of the Fraudehelpdesk (in Dutch).