Disclosure of campaigns targeting Universidade de Évora.
Users are received an email as an incident, informing that their certificate to email exchange has expired and that they must fill a form to get their email working correctly again, in the next 24 hours.
The email has a link to an external form where attackers request user to insert username, email and password.
