Difference between revisions of "Spear Phishing Attack (June 2014)"

From ECE Information Technology Services
Jump to navigationJump to search
(Announcement)
 
m
 
Line 3: Line 3:
 
It has come to our attention that there has been a spear phishing attempt against ECE account holders.  You may have received a message similar to the one quoted below, purportedly signed by Andre Ivanov.  The message contains a link to a fake website that looks like the ECE Webmail login page, but is in fact nothing of the sort.  (If you inspect the URL, you'll see that it is actually a fraudulent login page hosted on the webs.com free web hosting service.)
 
It has come to our attention that there has been a spear phishing attempt against ECE account holders.  You may have received a message similar to the one quoted below, purportedly signed by Andre Ivanov.  The message contains a link to a fake website that looks like the ECE Webmail login page, but is in fact nothing of the sort.  (If you inspect the URL, you'll see that it is actually a fraudulent login page hosted on the webs.com free web hosting service.)
  
WHAT TO DO:
+
== What to do==
  
1) Do NOT follow the link.  Do NOT enter any information on the web page at that link.
+
# Do '''not''' follow the link.  Do '''not''' enter any information on the web page at that link.
 +
# If you have accidentally entered your login credentials, please consider your account to be compromised.  You must immediately '''change your password'''.  (See https://help.ece.ubc.ca/How_To_Change_Your_Password for instructions.)
 +
# If you have any questions about this incident, please do not hesitate to ask a member of the IT Staff (e-mail help@ece.ubc.ca or stop by MacLeod 105).
  
2) If you have accidentally entered your login credentials, please consider your account to be compromised.  You must immediately CHANGE YOUR PASSWORD.  (See https://help.ece.ubc.ca/How_To_Change_Your_Password for instructions.)
 
  
3) If you have any questions about this incident, please do not hesitate to ask a member of the IT Staff (e-mail help@ece.ubc.ca or stop by MacLeod 105).
+
== Reminder about our anti-phishing measures ==
 
 
 
 
REMINDER ABOUT OUR ANTI-PHISHING MEASURES
 
  
 
* We do not normally send out warnings for every phishing attempt.  However, this attack was unusually well crafted, and merits special treatment.
 
* We do not normally send out warnings for every phishing attempt.  However, this attack was unusually well crafted, and merits special treatment.
 
 
* To help you verify their authenticity, mass announcements such as this one will always be cross-posted to the ECE website.  For example, this announcement also appears at https://help.ece.ubc.ca/Spear_Phishing_Attack_(June_2014) .
 
* To help you verify their authenticity, mass announcements such as this one will always be cross-posted to the ECE website.  For example, this announcement also appears at https://help.ece.ubc.ca/Spear_Phishing_Attack_(June_2014) .
  
Derek Poon
+
Derek Poon<br>
 
UBC IT Services @ ECE
 
UBC IT Services @ ECE
  
 
+
<pre>
 
On Jun 12, 2014, at 12:02 , ECE Administration <helpdesk569@hotmail.com> wrote:
 
On Jun 12, 2014, at 12:02 , ECE Administration <helpdesk569@hotmail.com> wrote:
 
 
  
 
Dear Staff/Student
 
Dear Staff/Student
  
All latest information on seminars, UBC Research Day, assignments, examinations, etc has been posted on the Electrical and Computer Engineering Info Center page for everyone access. For more information and clarifications, Please log-on to the Electrical and Computer Engineering Info Center using the link provided below and a verification link will be sent to you Within 24hrs for all the information and clarifications.
+
All latest information on seminars, UBC Research Day, assignments, examinations,
 +
etc has been posted on the Electrical and Computer Engineering Info Center page
 +
for everyone access. For more information and clarifications, Please log-on to the
 +
Electrical and Computer Engineering Info Center using the link provided below
 +
and a verification link will be sent to you Within 24hrs for all the information and
 +
clarifications.
  
 
Click here [LINK] For more information and clarifications
 
Click here [LINK] For more information and clarifications
  
This notice is from the Electrical and Computer Engineering Computing & Information Technology.
+
This notice is from the Electrical and Computer Engineering Computing &
 +
Information Technology.
  
 
Copyright © 2014 Electrical and Computer Engineering,  
 
Copyright © 2014 Electrical and Computer Engineering,  
Line 38: Line 39:
 
              
 
              
 
                   Department Head ( Andre Ivanov )
 
                   Department Head ( Andre Ivanov )
 +
</pre>

Latest revision as of 12:14, 12 June 2014

Members of the ECE Department,

It has come to our attention that there has been a spear phishing attempt against ECE account holders. You may have received a message similar to the one quoted below, purportedly signed by Andre Ivanov. The message contains a link to a fake website that looks like the ECE Webmail login page, but is in fact nothing of the sort. (If you inspect the URL, you'll see that it is actually a fraudulent login page hosted on the webs.com free web hosting service.)

What to do

  1. Do not follow the link. Do not enter any information on the web page at that link.
  2. If you have accidentally entered your login credentials, please consider your account to be compromised. You must immediately change your password. (See https://help.ece.ubc.ca/How_To_Change_Your_Password for instructions.)
  3. If you have any questions about this incident, please do not hesitate to ask a member of the IT Staff (e-mail help@ece.ubc.ca or stop by MacLeod 105).


Reminder about our anti-phishing measures

  • We do not normally send out warnings for every phishing attempt. However, this attack was unusually well crafted, and merits special treatment.
  • To help you verify their authenticity, mass announcements such as this one will always be cross-posted to the ECE website. For example, this announcement also appears at https://help.ece.ubc.ca/Spear_Phishing_Attack_(June_2014) .

Derek Poon
UBC IT Services @ ECE

On Jun 12, 2014, at 12:02 , ECE Administration <helpdesk569@hotmail.com> wrote:

Dear Staff/Student

All latest information on seminars, UBC Research Day, assignments, examinations,
etc has been posted on the Electrical and Computer Engineering Info Center page
for everyone access. For more information and clarifications, Please log-on to the
Electrical and Computer Engineering Info Center using the link provided below
and a verification link will be sent to you Within 24hrs for all the information and
clarifications.

Click here [LINK] For more information and clarifications

This notice is from the Electrical and Computer Engineering Computing &
Information Technology.

Copyright © 2014 Electrical and Computer Engineering, 
All Rights Reserved.
             
                  Department Head ( Andre Ivanov )