Phishing: Difference between revisions

From UMIACS
Jump to navigation Jump to search
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 4: Line 4:


==Legitimate Mail from Staff==
==Legitimate Mail from Staff==
The [https://intranet.umiacs.umd.edu UMIACS intranet site, intranet.umiacs.umd.edu] will always have a posted announcement of any administrative actions we wish all UMIACS users to take collectively. We suggest manually typing this address into your browser or having a bookmark for this site. This URL should also always be SSL-secured. Please check that your browser is reporting a secure connection when visiting the site. This will always be the case for any URL in the *.umiacs.umd.edu domain.


The [https://intranet.umiacs.umd.edu UMIACS intranet site, intranet.umiacs.umd.edu] will always have a posted announcement of any administrative actions we wish our users to take collectively. We suggest manually typing this address into your browser or having a bookmark for this site. This URL should also always be SSL-secured. Please check that your browser is reporting a secure connection when visiting the site. This will always be the case for any URL in the *.umiacs.umd.edu domain.
When we do send out requests for advisory and mandatory actions for a user they will '''usually''' be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Please note that other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.
 
When we do send out requests for advisory and mandatory actions for a user they will be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Please note that other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.
* [https://intranet.umiacs.umd.edu/staff/gpg/verify Verify Staff GPG Messages]
* [https://intranet.umiacs.umd.edu/staff/gpg/verify Verify Staff GPG Messages]


==Some Telltale Signs of Phishing==
==Some Telltale Signs of Phishing==
The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.
The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.


Line 21: Line 19:
**'''WARNING: Do NOT click on any links or open any attachments in a message you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine. Instead, hover over links to check where they really point to.'''
**'''WARNING: Do NOT click on any links or open any attachments in a message you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine. Instead, hover over links to check where they really point to.'''


If you ever have questions about the legitimacy of a message please open a ticket with staff by sending mail to [mailto:staff@umiacs.umd.edu staff] or call our [[HelpDesk | Help Desk]] and we can verify whether or not it was sent out by staff.
If you ever have questions about the legitimacy of a message, please contact the [[HelpDesk | Help Desk]] and we can verify whether or not it was sent out by staff.


==If You Have Fallen Victim==
==If You Have Fallen Victim==
 
If you believe you've fallen victim to a phishing attack or otherwise believe your account may have been compromised, please contact the [[HelpDesk | Help Desk]] immediately. The sooner we know about any potential issues, the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.
If you believe you've fallen victim to a phishing attack or otherwise believe your account may have been compromised, please open a ticket via sending mail to [mailto:staff@umiacs.umd.edu staff] or contact the [[HelpDesk | Help Desk]] immediately. The sooner we know about any potential issues the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.

Latest revision as of 19:56, 22 August 2023

Phishing attacks may be hard to distinguish from legitimate administrative messages, especially those in which the supposed UMIACS staff advise or require users to take administrative actions related to their account (e.g. storage quota, email account, or general account usage).

Below are some helpful tips and practices that will make it easier to distinguish between legitimate UMIACS staff messages and phishing attempts.

Legitimate Mail from Staff

The UMIACS intranet site, intranet.umiacs.umd.edu will always have a posted announcement of any administrative actions we wish all UMIACS users to take collectively. We suggest manually typing this address into your browser or having a bookmark for this site. This URL should also always be SSL-secured. Please check that your browser is reporting a secure connection when visiting the site. This will always be the case for any URL in the *.umiacs.umd.edu domain.

When we do send out requests for advisory and mandatory actions for a user they will usually be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Please note that other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.

Some Telltale Signs of Phishing

The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.

  • Bogus to and from addresses (not within the UMIACS or UMD domains)
  • Message not directly referencing you by name (e.g. "Hello user" or "Hello researcher")
  • Sender of message demanding that action be taken immediately or consequences will occur (without an appropriate GPG key included)
  • Poor grammar and spelling in the message
  • Hyperlinks pointing to different locations than they claim to or shady attachments being included with the message
    • WARNING: Do NOT click on any links or open any attachments in a message you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine. Instead, hover over links to check where they really point to.

If you ever have questions about the legitimacy of a message, please contact the Help Desk and we can verify whether or not it was sent out by staff.

If You Have Fallen Victim

If you believe you've fallen victim to a phishing attack or otherwise believe your account may have been compromised, please contact the Help Desk immediately. The sooner we know about any potential issues, the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.