Password reuse phishing

Threat Level: Medium
Threat Type: Business Email Compromise
Advisory Date: 07/13/2023

Description

Has someone recently sent you a request to sign up for a website, and you're not sure whether it's spam?

The website owner may be using that person's name to phish for a password you already use. This is a social engineering tactic and an attempt at business email compromise.

Password reuse is very common; we've all done it at one point or another. Why try to remember another password when we can use a known good one from before? Seems logical, right? Unfortunately not.

The problem with this is twofold:

  1. We all love the convenience of having things come to us, so we tend to use just one or two email addresses linked to our personal or business identities, and we tend to use these addresses for everything.
  2. When we reuse the same password for those accounts across multiple sites, only one of those sites needs to be compromised for every account linked to that email address (and that password) to be compromised as well.

Password reuse phishing can come in many forms; some common examples are:

  • A request to join a website from someone you know (that did not actually originate from them)
  • A link to a form asking for account signup information
  • Legitimate-looking websites that are close copies of real websites

A good rule of thumb to prevent phishing is: if you're not expecting it, don't click it.

Impact

Password reuse phishing can lead to account compromise; depending on the circumstances, the resulting risk can vary widely.

For example:

  • If you use a business email password on a phishing site, that site owner now has access to your business email, and subsequently, anything that email address can access.
  • If you use a password for a "throwaway" email account that's not attached to anything personal or business related, there is no risk involved.

Resolution

We have seen a few reports of password reuse phishing, and have directly alerted all users who have been contacted by the fraudsters.

If you are ever uncertain that a message is from the actual sender, verify with them!

You can also send any suspicious-looking email to the IT Support Center (it.support@uregina.ca).

When forwarding email to us, please send the original suspicious message as an attachment to preserve the entire email so we can perform a proper assessment.

If you are using the GroupWise email client, you can do this by either:

  1. Clicking the dropdown arrow next to "Forward" and selecting "Forward as attachment"
  2. Right-clicking the message in your inbox and selecting "Forward as attachment" from the context menu

Questions or concerns? Contact IT Support for assistance:

    Email: IT.Support@uregina.ca
    Phone: 306-585-4685
    Toll-free in Canada: 1-844-585-4685
    In person at ED 137 or Archer Library

Resources