A few days ago at work I returned to my desk and noticed two new emails. The older one (by only 8 minutes) was labeled as coming from “System Administrator” but in actuality was a phishing email. Something to the affect of “We noticed your system has a virus. To help us get rid of it, please CLICK HERE and enter your username and password.”
The newer one (by only 8 minutes!) was from someone in IT, saying the email was a phishing attempt and to delete it without clicking the link.
That was two days ago.
This afternoon I walked into my supervisor’s office to ask him whether or not a professor had given us a book or not to put on reserve, as we had a student here who said she was told we would have it. (We didn’t.) He was on the phone with someone, leaving a voicemail.
When he ended the voicemail, he hung up and explained that he was leaving a voicemail for someone in IT who had called him while he was out. It turns out that one of my coworker’s email account had been disabled after it started sending out thousands of emails. So I figure she clicked the link. But who knows – maybe it occurred some other way. She doesn’t work today or tomorrow, so it will be a bit before they can figure it out, unfortunately. ;p