A trusted name doesn’t always mean trusted content!
If you ever fall victim to a phishing attack, your email account could be compromised by scammers. If this happens, your account can be used to send attacks to your contacts. Even if you see a familiar name in the “From:” field, it’s not a sure fire way to trust the message. Today’s Phishing Wall of Shame entry comes from Rose C. and Hannah L., who both were emailed by a faculty member they knew, but saw a message they didn’t trust:
Our two Security Stars knew the sender, but they knew him as a faculty member without any relation to the IT department. There was no reason to think that he should be informing them about an issue with their email.
The email has a link in it. IT Staff were able to investigate this link in a secure way, and saw it directed to a form requesting the user enter their email username and password. Trained IT Staff opened the file to take a picture, however you should avoid clicking a link in a suspicious email, because they could contain phishing attempts, malicious code, or illegal content and could cause harm to your computer. Here is what this link contained:
The page that loaded is an amature looking form that is clearly not an official UMass Boston communication, however remember that in our last posting we learned to never rely on the incompetence of scammers to keep yourself safe! If you had filled in this form with your email and password, you can bet that your account would soon be sending out attack messages too, or worse!
If you are suspicious of a link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.
Always remember…
Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/