New 'willing relay' phishing attempt targeting UC Davis Health
Phishing continues to be one of the top cybersecurity threats against UC Davis Health staff and students. There are many different types of phishing, and criminals are continuously developing new ways to access and obtain sensitive data from their victims. The latest phishing attempt the cybersecurity team is seeing is called a “willing relay” phish.
What is a “willing relay” phishing attack?
A “willing relay” phish is a multi-phase attack: it asks the user to take multiple steps, each of which provides the attacker with information. The user is contacted by email first, and then by text message (called a smish). The attacker uses information gathered from other sources, including email phishing campaigns, to trick the user into accepting a Duo push or providing Duo passcodes to the attacker via the text chain.
For an example of what this phishing attempt looks like, view the “willing relay” phishing details via UC Davis’s Phish Bowl (requires Duo authentication to access).
What steps are the users asked to complete?
1. The victim is asked via email or text to follow a link to a form that looks like an official UC Davis Health form and to supply their username, password, and cell phone number.
2. The phisher uses the supplied credentials to log into UC Davis Health resources.
3. The victim is then contacted via text by “tech support” and asked to provide the Duo code to the phisher.
Because the victim supplies the Duo code “willingly,” this phishing attempt has been labeled a “willing relay.”
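For security teams, the three steps above leave a recognizable trace in authentication logs: a password login from an address the user has never used before, completed a short time later by a Duo code. The following is an added example, not code from UC Davis Health; the event fields, the 30-minute window, and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed maximum gap between password and code

def find_relay_candidates(events, known_ips):
    """Flag MFA successes that complete a password login from an IP new to the user.

    events: dicts with ts (ISO 8601), user, ip (address of the device logging in),
            stage ('password' or 'mfa'), factor ('push'/'passcode', MFA only), result.
    known_ips: {user: set of IPs from that user's earlier successful logins}.
    """
    pending = {}  # (user, ip) -> time of a password success from an unfamiliar IP
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        if ev["result"] != "success":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["ip"])
        if ev["stage"] == "password":
            if ev["ip"] not in known_ips.get(ev["user"], set()):
                pending[key] = ts  # step 2: credentials used from a new address
        elif ev["stage"] == "mfa" and key in pending:
            started = pending.pop(key)
            if ts - started <= WINDOW:
                # Step 3: a typed passcode is what a victim can send in a text
                # chain; an approved push is weaker evidence but still reviewed.
                alerts.append({
                    "user": ev["user"], "ip": ev["ip"], "factor": ev["factor"],
                    "severity": "high" if ev["factor"] == "passcode" else "medium",
                    "delay_s": int((ts - started).total_seconds()),
                })
    return alerts

def event(ts, user, ip, stage, result, factor=None):
    return {"ts": ts, "user": user, "ip": ip, "stage": stage,
            "result": result, "factor": factor}

# Constructed sample data (documentation-range IPs, made-up users).
KNOWN_IPS = {"asmith": {"198.51.100.10"}, "bjones": {"198.51.100.22"}}
SAMPLE_EVENTS = [
    event("2024-01-08T09:00:00", "asmith", "198.51.100.10", "password", "success"),
    event("2024-01-08T09:00:20", "asmith", "198.51.100.10", "mfa", "success", "push"),
    event("2024-01-08T10:15:00", "bjones", "203.0.113.77", "password", "success"),
    event("2024-01-08T10:21:30", "bjones", "203.0.113.77", "mfa", "success", "passcode"),
]

if __name__ == "__main__":
    for alert in find_relay_candidates(SAMPLE_EVENTS, KNOWN_IPS):
        print(alert)
```

A hit is a lead for review rather than proof of compromise, since a user logging in from a new network produces the same sequence.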
How to protect yourself?
It’s important to remember that no one, not even IT, would ever ask for your password or your Duo authentication code. If you are asked to provide either of these, you should stop any further contact with the phisher and immediately contact the Technology Operations Center at 916-734-4357 (HELP) to confirm the validity of the request.
Additionally, you can check the UC Davis Phish Bowl (requires Duo authentication to access) for a list of reported phishing messages and whether they are legitimate or confirmed phishing attempts.
While there is no way to prevent phishing attacks, the best defense is awareness. Become familiar with various phishing types and how to spot them. Check out the articles below to learn more about phishing attacks and the different types you may be faced with.