November 18, 2015, by Aleisha Turner

Phishing – don’t get caught out

This morning the IT Service Desk was alerted to a Phishing email attack. I received one of these emails at 10:01 this morning and want to share some tips avoid becoming a victim of one of these campaigns because these attempts to extract information pose a serious risk to your email accounts and personal data. A Phishing campaign is an email that prompts you to provide personal details or log-in credentials so the attacker can shut down or falsely use your online accounts (banking, email, social media etc). The University will never contact you in this way and will never ask for you to provide your username, password or bank details.

Here are a few tips for identifying a Phishing email:

  1. Check out the ‘from’ email address – does it appear to be legit?
    Today’s attack appeared to be from a member of UoN staff which threw me at first.
  2. Check for obvious spelling, grammar and other mistakes and other things like font colour.
    Today’s attack alerted me to an attempt to log into my email in the future, which rang alarm bells. hmm.. am I taking a trip to Germany that I don’t know about?
  3. Check that links embedded in the email are safe by hovering over them with your mouse – does it point somewhere suspicious?
    The link in today’s email pointed to ‘nothingwebmail.bythehost7’ which doesn’t match the sender’s email domain.
  4. Is it addressed to you personally or does it have a generic greeting? What does the email signature say?

If you receive an email like the one below in your University email Inbox don’t click on any links within the email and forward it to the IT Service Desk to alert them to the attack and then delete it.

Here’s the full text of the email I received this morning:

Dear Webmail User.

We detected a Login attempt with valid password to your webmail. Nottingham email account from an unrecognized device on Weds Nov 18th, 2015 10:20 PM .

Location: Germany (IP=3D81.169.136.48) Note: The location is based on information from your Internet service or wireless
carrier provider.

Was this you? If so, you can disregard the rest of this email.

If this wasn’t you, please login by clicking this link (link not included for obvious reasons) to confirm your ownership of this account and to protect your email account information from potential future account compromise.

ITS service Team
© Copyright 2015.
All Rights Reserved
Webmail Account Alert!!!


Posted in Cyber Securityphishing