Phishing: Difference between revisions

From UMIACS
No edit summary
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Phishing attacks may be hard to distinguish from legitimate administrative messages, especially those in which the supposed UMIACS staff advise or require users to take administrative actions related to their account (e.g. their storage quota, their email account, or their account usage).  
Phishing attacks may be hard to distinguish from legitimate administrative messages, especially those in which the supposed UMIACS staff advise or require users to take administrative actions related to their account (e.g. storage quota, email account, or general account usage).  


Below are some helpful tips and practices that will make it easier to distinguish between messages from legitimate UMIACS staff and phishing attempts.
Below are some helpful tips and practices that will make it easier to distinguish between legitimate UMIACS staff messages and phishing attempts.


==Legitimate Mail from Staff==
==Legitimate Mail from Staff==
The [https://intranet.umiacs.umd.edu UMIACS intranet site, intranet.umiacs.umd.edu] will always have a posted announcement of any administrative actions we wish all UMIACS users to take collectively. We suggest manually typing this address into your browser or having a bookmark for this site. This URL should also always be SSL-secured. Please check that your browser is reporting a secure connection when visiting the site. This will always be the case for any URL in the *.umiacs.umd.edu domain.


The [https://www.intranet.umiacs.umd.edu UMIACS intranet site] will always have a posted announcement of any actions we wish our users to take. We suggest to always type this address into your browser or have a bookmark for this site.
When we do send out requests for advisory and mandatory actions for a user they will '''usually''' be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Please note that other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.
 
Going to the UMIACS intranet site will redirect you to a SSL secured site. Please check that your browser is reporting a secure connection. This will always be for *.umiacs.umd.edu and is currently valid until March 15th, 2017. UMIACS staff will communicate any changes or updates to the certificate validating this via an announcement.
 
When we do send out requests for advisory and mandatory actions for a user they will be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.
* [https://intranet.umiacs.umd.edu/staff/gpg/verify Verify Staff GPG Messages]
* [https://intranet.umiacs.umd.edu/staff/gpg/verify Verify Staff GPG Messages]


==Some Telltale Signs of Phishing==
==Some Telltale Signs of Phishing==
The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.
The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.


* Bogus to and from addresses (not within the UMIACS or UMD domains)
* Bogus to and from addresses (not within the UMIACS or UMD domains)
* Message not directly referencing you by name (e.g. "Hello user" or "Hello researcher")
* Message not directly referencing you by name (e.g. "Hello user" or "Hello researcher")
* Sender of message demanding that action be taken immediately or consequences will occur
* Sender of message demanding that action be taken immediately or consequences will occur (without an appropriate GPG key included)
* Poor grammar and spelling in the message
* Poor grammar and spelling in the message
* Hyperlinks pointing to different locations than they claim to
* Hyperlinks pointing to different locations than they claim to or shady attachments being included with the message
**'''WARNING: Do NOT click on any links in an email you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine, instead, hover over the link to check where the link really points to'''
**'''WARNING: Do NOT click on any links or open any attachments in a message you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine. Instead, hover over links to check where they really point to.'''


If you ever have questions about the legitimacy of a message please open a ticket via sending mail to [mailto:staff@umiacs.umd.edu staff] or call our [[HelpDesk | Help Desk]].
If you ever have questions about the legitimacy of a message, please contact the [[HelpDesk | Help Desk]] and we can verify whether or not it was sent out by staff.


==If You Have Fallen Victim==
==If You Have Fallen Victim==
 
If you believe you've fallen victim to a phishing attack or otherwise believe your account may have been compromised, please contact the [[HelpDesk | Help Desk]] immediately. The sooner we know about any potential issues, the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.
If you believe your account has been compromised as a result of phishing, please open a ticket via sending mail to [mailto:staff@umiacs.umd.edu staff] or contact the [[HelpDesk | Help Desk]] immediately. The sooner we know about an issue the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.
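Review bot: The revised signing paragraph now says requests will "usually" be signed, but neither it nor the new bullet text "(without an appropriate GPG key included)" tells a reader what to do with an unsigned request for action, so a missing signature no longer settles anything. Suggest adding a sentence that an unsigned request should be confirmed against the intranet announcement or with the Help Desk before acting. In the same bullet, "GPG key included" should read "valid GPG signature": the paragraph describes messages being signed and checked with Verify Staff GPG Messages, and an attached key proves nothing about the sender. Separately, the removed sentence linked https://www.intranet.umiacs.umd.edu while the new one links https://intranet.umiacs.umd.edu; it is worth confirming the old hostname still redirects, because users were told to bookmark it.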

Latest revision as of 19:56, 22 August 2023

Phishing attacks may be hard to distinguish from legitimate administrative messages, especially those in which the supposed UMIACS staff advise or require users to take administrative actions related to their account (e.g. storage quota, email account, or general account usage).

Below are some helpful tips and practices that will make it easier to distinguish between legitimate UMIACS staff messages and phishing attempts.

Legitimate Mail from Staff

The UMIACS intranet site, intranet.umiacs.umd.edu, will always have a posted announcement of any administrative actions we wish all UMIACS users to take collectively. We suggest manually typing this address into your browser or having a bookmark for this site. This URL should also always be SSL-secured. Please check that your browser is reporting a secure connection when visiting the site. This will always be the case for any URL in the *.umiacs.umd.edu domain.

When we do send out requests for advisory and mandatory actions for a user, they will usually be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Please note that other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.

Some Telltale Signs of Phishing

The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.

  • Bogus to and from addresses (not within the UMIACS or UMD domains)
  • Message not directly referencing you by name (e.g. "Hello user" or "Hello researcher")
  • Sender of message demanding that action be taken immediately or consequences will occur (without an appropriate GPG key included)
  • Poor grammar and spelling in the message
  • Hyperlinks pointing to different locations than they claim to or shady attachments being included with the message
    • WARNING: Do NOT click on any links or open any attachments in a message you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine. Instead, hover over links to check where they really point to.
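Two of the signs above (a sender outside the UMIACS or UMD domains, and a link whose visible text names one host while its target is another) can be checked without clicking anything. The following is an added example, not UMIACS tooling: the function names, the sample message and the `.example` hosts are constructed, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("umiacs.umd.edu", "umd.edu")  # the domains this page names
# Constructed sample message, not a real email; single-part HTML body assumed.
SAMPLE = """\
From: UMIACS Staff <staff@umiacs-support.example>

<p>Hello user, act now: <a href="https://login.example.net/reset">https://intranet.umiacs.umd.edu/</a></p>
"""

def in_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def claimed_host(text):  # hostname the visible text claims, None if not URL-like
    if not text or any(c.isspace() for c in text):
        return None
    host = urlparse(text if "//" in text else "//" + text).hostname
    return host if host and "." in host else None

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw_message):
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    signs = [] if in_trusted(sender.rpartition("@")[2]) else [
        "sender outside UMIACS/UMD: " + sender]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target, claimed = urlparse(href).hostname, claimed_host(text)
        if claimed and claimed != target:
            signs.append(f"link shows {claimed} but goes to {target}")
    return signs
```

A clean result only means these two signs are absent; the From header can be forged, so a request for action still needs the signature check or Help Desk confirmation described on this page.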

If you ever have questions about the legitimacy of a message, please contact the Help Desk and we can verify whether or not it was sent out by staff.

If You Have Fallen Victim

If you believe you've fallen victim to a phishing attack or otherwise believe your account may have been compromised, please contact the Help Desk immediately. The sooner we know about any potential issues, the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.