Phishing attacks may be hard to distinguish from legitimate administrative messages, especially those in which the supposed UMIACS staff advise or require users to take administrative actions related to their account (e.g. their storage quota, their email account, or their account usage).
Below are some helpful tips and practices that will make it easier to distinguish between messages from legitimate UMIACS staff and phishing attempts.
Legitimate Mail from Staff
The UMIACS intranet site will always have a posted announcement of any actions we wish our users to take. We suggest to always type this address into your browser or have a bookmark for this site.
Going to the UMIACS intranet site will redirect you to a SSL secured site. Please check that your browser is reporting a secure connection. This will always be for *.umiacs.umd.edu and is currently valid until March 15th, 2017. UMIACS staff will communicate any changes or updates to the certificate validating this via an announcement.
When we do send out requests for advisory and mandatory actions for a user they will be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.
Some Telltale Signs of Phishing
The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.
- Bogus to and from addresses (not within the UMIACS or UMD domains)
- Message not directly referencing you by name (e.g. "Hello user" or "Hello researcher")
- Sender of message demanding that action be taken immediately or consequences will occur
- Poor grammar and spelling in the message
- Hyperlinks pointing to different locations than they claim to
- WARNING: Do NOT click on any links in an email you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine, instead, hover over the link to check where the link really points to
If You Have Fallen Victim
If you believe your account has been compromised as a result of phishing, please open a ticket via sending mail to staff or contact the Help Desk immediately. The sooner we know about an issue the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.