Difference between revisions of "Spear phishing attack"

From ECE Information Technology Services
Jump to navigationJump to search
(Announcement)
 
(Fixed link)
Line 27: Line 27:
 
== What to Do ==
 
== What to Do ==
  
If you have fallen for the scam, [[change your password|How To Change Your Password]] immediately.
+
If you have fallen for the scam, [[How To Change Your Password|change your password]] immediately.
  
 
== More Information About Phishing ==
 
== More Information About Phishing ==

Revision as of 09:03, 20 September 2013

Fraudsters have been launching a spear-phishing attack against ECE e-mail users. Please disregard messages asking you to log in on non-ECE and unencrypted websites, such as the one below.

From: The University of British Columbia <mistyblue01@atlanticbb.net>
Subject: UBC info centre


Electrical and Computer Engineering
The University of British Columbia
5500 - 2332 Main Mall
Vancouver BC V6T 1Z4
Canada

Deal All

A private message have been sent to you by the HEAD of department. Use the link below to Login and view your message.

http://[REDACTED].webs.com/

Sign.
HEAD of department
UBA info centre
© Copyright 2013 The University of British Columbia


What to Do

If you have fallen for the scam, change your password immediately.

More Information About Phishing

ECE IT Services does not normally nag users after every phishing attack. However, this one is specifically targeted to ECE and therefore deserves special mention.

To protect yourself and the department's computing resources, please be aware:

  • Any e-mail announcement regarding your ECE account should cross-reference a website with *.ece.ubc.ca in the URL. You should be suspicious of any message that does not.
  • Any notice regarding your account will be signed by a named member of ECE IT Services staff, never from a generic entity such as "Your ece.ubc.ca webmail team".
  • Never reveal your password to any person. ECE IT Services staff will never ask you for your password.
  • All legitimate ECE services will use encrypted connections for logging in. (HTTPS, SSH, and IMAPS are examples of secure protocols.) Any service that asks you to enter your ECE password over an unencrypted HTTP connection or to send your password by e-mail is fraudulent.
  • If in doubt about a suspicious message purporting to be from ECE IT Services, we encourage you to ask us.
  • Pay attention to details of your e-mails. For example, in the sample message above, the From-address should raise your suspicion.