ITS Update: Protecting Against Single Sign-On (SSO) Attacks

Tuesday we received another single sign-on (SSO) website copy phishing email attack. This was initiated by users receiving the email below.

There were several indicators from this email of note that provided red flags it was potentially malicious:

• It provided a sense of urgency designed to get recipients to make a quick decision.
• The sender’s address was from outside our University.
• The grammar of the email was questionable. Note the period in the email signature.

Additionally, upon clicking the link users were taken to getupdated.tilda.ws/fairfield which is not our single sign-on (SSO) site URL. Also, the layout of this SSO site copy is very low quality. The username and password fields are horizontal to each other. Lastly, our SSO site does not have a phone number field:

Below is the actual University SSO page

Note this image shows the correct domain name of ffunam.fairfield.edu:

Thank you for your extra vigilance and for helping defend against bad actors. By stopping to watch for senders outside the University and studying the email carefully, you are helping to reduce our overall risk.