Every day the University is subject to many attacks that target our computing systems and users.
However, a phishing attack sent via e-mail is both difficult to detect and prevent. Moreover, if successful, it is difficult to limit harm to computer systems and data. Sophisticated and security conscientious organizations such as Google and the Washington Post have been victims of these types of attacks. [2,3] These attacks are defined as “Phishing attacks…typically stem from a malicious email that victims receive effectively convincing them to visit a fraudulent website at which they are tricked into divulging sensitive information (e.g. passwords, financial account information, and social security numbers).” [1] Once attackers have your information, they will often seek ways to profit from it through such means as sending spam, selling your personal information, or obtaining further access to computer systems and accounts, in particular financial accounts.
How to identify a phishing message:
- A phishing message will often arrive unexpectedly and ask you to take an action such as clicking a link, opening an attachment, or responding with sensitive data.
- If the message has a link in the e-mail, move your mouse over the link to identify to URL or address of the website which it will take you to. An example is <a href=”http://inrt.nl/uploads/webmail.unc.edu“>SIGN IN HERE</a>.
- Hover with your mouse over the link the domain referred to may belong to inrt.nl and not unc.edu.
- The image below is a sample of a phishing e-mail. Note that the “from address” had been manipulated and that the link is not for the unc.edu domain.
What to do if you receive a phishing message:
Call the ITS HelpDesk or forward the message to help@unc.edu. Please refer to http://help.unc.edu/help/how-to-report-phishing-and-spam-emails/ for detailed instructions on how to forward a message that includes its email header
Remember, UNC-CH will not ask you to reveal your account password via the phone or email. If you receive an email or phone request for that information, the request is a phishing attempt.
References:
[1] Phishing Attacks and Countermeasures, Zulfikar Ramzan [2] http://www.wired.com/threatlevel/2010/02/apt-hacks/ [3] http://krebsonsecurity.com/2013/08/washington-post-site-hacked-after-successful-phishing-campaign/