Phishing attacks may be hard to distinguish from legitimate administrative messages, especially those in which the supposed UMIACS staff advise or require users to take administrative actions related to their account (e.g. storage quota, email account, or general account usage).
Below are some helpful tips and practices that will make it easier to distinguish between legitimate UMIACS staff messages and phishing attempts.
Legitimate Mail from Staff
The UMIACS intranet site will always have a posted announcement of any administrative actions we wish our users to take. We suggest to always type this address into your browser or have a bookmark for this site. This URL will also always redirect to a SSL secured site. Please check that your browser is reporting a secure connection when visiting the site. This will always be the case for any URL in the *.umiacs.umd.edu domain and is currently valid until March 15th, 2017. UMIACS staff will communicate any changes or updates to the certificate validating this via an announcement.
When we do send out requests for advisory and mandatory actions for a user they will be signed with a staff member's GPG key. We provide a tool called Verify Staff GPG Messages from the UMIACS intranet site (also linked below). This allows you to paste the text of the message and confirm that the sender is legitimate. Other communications that are initiated by users through our Jira ticket system or in response to these tickets will not be signed.
Some Telltale Signs of Phishing
The above steps should ensure that you are properly able to identify legitimate messages sent by staff. Below are some additional generic signs that should help identify phishing attempts.
- Bogus to and from addresses (not within the UMIACS or UMD domains)
- Message not directly referencing you by name (e.g. "Hello user" or "Hello researcher")
- Sender of message demanding that action be taken immediately or consequences will occur (without an appropriate GPG key included)
- Poor grammar and spelling in the message
- Hyperlinks pointing to different locations than they claim to or shady attachments being included with the message
- WARNING: Do NOT click on any links or open any attachments in a message you suspect to be a phishing attempt, as these may lead to the execution of malicious programs on your machine, instead, hover over links to check where they really point to
If You Have Fallen Victim
If you believe your account has been compromised as a result of phishing, please open a ticket via sending mail to staff or contact the Help Desk immediately. The sooner we know about any potential issues the sooner we can take preventive measures to make sure as little harm is done as possible. This typically will involve a password change as well as possibly locking out access to your account for some period of time while we ensure your account is secure.