EMAIL PHISHING ATTACKS – GONE PHISHING?
WHAT IS “PHISHING”?
Here is an extract from Wikipedia (Line breaks added to make it easier to read online) :
[ BEGINS ]
“Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.
Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.”
[ ENDS ]
Phishing attacks can be very sophisticated and will get harder to spot as time goes on – so be on your guard.
a. Beware fake emails and websites trying to steal your passwords and personal information.
b. If you respond to a phishing attack your account may be abused and cause you untold problems.
c. Never reveal your password to anyone, not even IT staff.
d. Use some common sense.
e. If you are unsure, do not be afraid to ask for help.
CAUGHT IN A TANGLE? – NEED HELP?
You can always email the IT Office at anytime or come and see us during office hours to discuss matters like Phishing. We would rather answer the same question ten times than have to clean up an avoidable mess.
Learn more about phishing – https://infosec.ox.ac.uk/phishing
WANT TO HELP TACKLE THE PROBLEM? – LEARN MORE
If you get an email which asks you to provide your personal information and you believe that it is bogus, we encourage you to forward the message, together with the message’s Full Headers, to IT Services – firstname.lastname@example.org
You can also report email, SMS and phone call scammers to the National Cyber Security Centre (NCSC)
Learn more: https://www.ncsc.gov.uk/collection/phishing-scams
WHAT TO DO IF GAVE THEM YOUR PASSWORD
Users who have actually been phished (ie disclosed their Oxford credentials) must treat this as a security incident.
- Change your password immediately
- Change any account passwords that use your Oxford account for password recovery
- If you gave away your Oxford password then you must report it as an incident by email to email@example.com
- Contact your local IT Support
What you can do to help:
How to view full headers of an email:
More information about Phishing attacks can be found here:
THINK YOU CAN OUTSMART AN INTERNET SCAMMER?
Can you tell the difference between a legitimate website and one that’s a phishing attempt? Take this quiz from OpenDNS to find out: