The University of Missouri System Office of Information Technology is aware of recent phishing attacks targeting the research community. These targeted, sophisticated attacks take users to a spoofed webpage that emulates the look and feel of the UM System-branded Microsoft login page.
However, these spoofed pages are hosted on untrusted, overseas websites controlled by bad actors. These actors seek to steal sensitive information, such as usernames, passwords and steps in a multi-factor authentication session.
Who is at risk?
UM System employees, particularly those involved in research.
What steps should researchers take to keep information secure?
When using a university username and password to log into a resource that uses Microsoft authentication, do the following:
- Verify the page is authentic. The address bar should indicate the page is hosted at login.microsoftonline.com. Regardless of the resource or tool being accessed, if it requires Microsoft authentication, the domain name should always be login.microsoftonline.com.
- Look for a padlock icon to the left of the web address.
If something feels strange or if you receive a message you aren’t sure about, please contact the IT Help Desk. For the University of Missouri–Columbia, visit the Division of Information Technology or MU’s Self-Service Portal.
Additionally, the UM System has a dedicated research security team equipped to provide security assistance for researchers. The team can answer questions and help address security requirements associated with grants and projects. Contact the UM Research Security Team at umresearchsecurityteam@umsystem.edu.