Protect Yourself From Spam/Phishing!


Center for IT Services - University of Moratuwa has identified many phishing incidents targeting UoM user accounts recently. If you have clicked any suspicious link in your email, please CHANGE YOUR PASSWORD through LearnOrg and inform us (cites@uom.lk) for further assistance.

Remember, the only way to prevent a phishing attack is to educate yourself and be extremely cautious when using electronic media. And NEVER assume that you are not worth targeting by an attacker.

What is a phishing attack?

Phishing is a fraudulent process of attempting to acquire sensitive information such as usernames, passwords and bank or credit card details by criminals masquerading as a trustworthy person or organisation in an electronic communication. Phishing attacks are most often launched by email, although some have been seen using other methods such as mobile phone text messages.

CITeS has detected a large number of phishing attempts aimed at gathering usernames and passwords for University services, and they have been increasing rapidly in the recent past. Many people have been tricked by these scams, and in some cases University accounts have been compromised and abused by attackers. Such account abuse may cause considerable inconvenience and/or damage to the reputation of the account owner and potentially of the University as a whole, and the compromised accounts are then used by the attackers to spread the scam in a more authentic-looking manner.

What is the aim of this attack?
The main aim of this attack is to trick users into entering their confidential information (username, password, etc.) into a fake web system. This makes it easy for the attackers to collect university users' credentials and misuse them.

In what types of modes this attack can be introduced?
Typically this attack begins with an email instructing users to change their password, increase their email quota, validate their account, etc. In some cases the attacker impersonates the Deputy Registrar, Registrar, Vice Chancellor, Deputy Vice Chancellor, a Dean or a department head and asks you to click a link to see a message from them.

Following is a screen capture of a real phishing email that was spammed recently.

[Screenshot: the phishing email]

As you can see, in order to see the message you need to click the link, which redirects you to a login page that closely resembles the University webmail system. Following is a screen capture of the fake system.

[Screenshot: the fake webmail login page]

Once you enter your email address and password, the attacker gains access to your account. The attacker can then use your account to send phishing emails, as you, to the addresses in your contact list, which lets the attack spread in a more convincing manner.

How can you identify a message as a phishing attempt? 

  • It includes suspicious attachments or links.
  • Hovering the mouse over the 'CLICK HERE' link shows a target that is not in the university domain. (In the above incident the link redirects to https://web-maill-uom-lk.weebly.com/, which is not a university domain even though it contains "uom" and "lk".)
  • The sender's email address is not in the university domain. (In the above incident the sender's name looks authentic; attackers may also use "IT Helpdesk" or "Support Team" as the sender's name. But the actual sending address is patrickandfrancesconnolly@gmail.com, which is not the university domain.)
  • The site you land on after clicking the link does not carry the "uom.lk" domain name.
  • Legitimate emails usually address you by name. (In the above incident the email is addressed simply "Hello".)
  • Poor grammar.
  • The message creates a sense of urgency.
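As an added example (not part of this CITeS notice), the following Python script applies the checklist above to a raw email message: it compares the sender's address and every link target against the university domains using whole-label matching, and flags attachments, a generic greeting and urgency wording. The sample message is constructed for the example; the lookalike link, the gmail.com sender address and the "Hello" greeting are the ones quoted above, the rest of the text is invented, and the phrase lists are assumptions for the example rather than any CITeS rule.

```python
"""Added example: apply the phishing-indicator checklist to a raw email."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# The only domains the notice names for legitimate University services.
TRUSTED_DOMAINS = ("uom.lk", "mrt.ac.lk")

# Pretexts and pressure wording (assumed list for the example).
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended",
                   "will be deactivated", "validate your account",
                   "increase your email quota", "change your password")

# Greetings that do not address the recipient by name (assumed list).
GENERIC_GREETINGS = ("hello", "hi", "dear user", "dear customer", "dear member")

# Constructed sample modelled on the incident in the notice: display name,
# sender address and lookalike host come from the notice, the body is invented.
SAMPLE_EMAIL = """\
From: IT Helpdesk <patrickandfrancesconnolly@gmail.com>
To: someone@uom.lk
Subject: New message from the Registrar
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello,</p>
<p>You have a new message from the Registrar. Your mailbox will be suspended if you do not verify it immediately.</p>
<p><a href="https://web-maill-uom-lk.weebly.com/">CLICK HERE</a> to read it.</p>
<p>Regards,<br>IT Helpdesk</p>
</body></html>
"""


def is_trusted_host(host):
    """True only for a trusted domain itself or a subdomain of it.

    A substring test ('uom.lk' in host) accepts mail.uom.lk.example.com and
    host.endswith('uom.lk') accepts fakeuom.lk; comparing whole dot-separated
    labels rejects both and the notice's web-maill-uom-lk.weebly.com."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def body_text(msg):
    """Concatenate the text/plain and text/html parts, skipping attachments."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if (part.get_content_type() in ("text/plain", "text/html")
                and part.get_content_disposition() != "attachment"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def extract_links(body):
    """href targets plus bare URLs, de-duplicated in order of appearance."""
    links = re.findall(r'href\s*=\s*["\']([^"\']+)["\']', body, flags=re.I)
    links += re.findall(r'https?://[^\s"\'<>]+', body, flags=re.I)
    return list(dict.fromkeys(links))


def analyse(raw_message):
    """Return (indicator, detail) pairs for every checklist item that fires."""
    msg = message_from_string(raw_message)
    findings = []

    # Sender: judge the address, never the display name.
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    if not is_trusted_host(sender_domain):
        findings.append(("sender-domain",
                         f"From is {sender!r}; display name {display_name!r} proves nothing"))

    # Links: every target must resolve to a university host.
    body = body_text(msg)
    for link in extract_links(body):
        if not is_trusted_host(urlparse(link).hostname):
            findings.append(("link-domain", f"{link} leads outside the university"))

    # Attachments.
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.append(("attachment", part.get_filename() or "unnamed attachment"))

    # Greeting and urgency, judged on the tag-stripped text.
    lines = [line.strip() for line in re.sub(r"<[^>]+>", "\n", body).splitlines()
             if line.strip()]
    if lines and lines[0].lower().rstrip(",:!.") in GENERIC_GREETINGS:
        findings.append(("generic-greeting", lines[0]))
    text = " ".join(lines).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for indicator, detail in analyse(SAMPLE_EMAIL):
        print(f"{indicator:16} {detail}")
```

Run as-is, the script reports the sender domain, the lookalike link, the generic greeting and the urgency wording for the sample. An empty result means none of the listed indicators fired, not that the message is genuine; the whole-label comparison in is_trusted_host is the part that matters, because the lookalike hosts these campaigns use are built to pass a casual glance.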

Does CITeS ask for your UOM Username and Password?

CITeS will never ask for your username and password via email.

The only way to change the password of your account is by visiting https://lms.mrt.ac.lk. See the instructions there to reset your password.

What are the actions that can be taken by university users?
When University users come across attacks of this type against their university web accounts, they should immediately inform the Center for IT Services (CITeS) using the following contacts, so that we can block those websites and prevent further spreading.
Email: ​ cites@uom.lk
Telephone Direct: 0112650650

General Notice for all University account users

  • Never submit University credentials (username and password) online without first checking that the browser shows the site as secure (HTTPS padlock) AND that the address ends with mrt.ac.lk or uom.lk. The padlock alone is not proof of legitimacy: the fake site in the incident above was also served over https, so the domain check is the one that matters.
  • Never respond to any suspicious email messages.
  • Never click on any suspicious links displayed in websites or emails you receive.
  • If you have accidentally done any of the above, change your account password immediately via LearnOrg (lms.mrt.ac.lk) and contact CITeS for further clarification.
  • Immediately forward all suspicious emails you received, to ​ cites@uom.lk​ .

How to report Phishing web sites

If you learn of an active phishing website that browsers are not already warning users about, notify the main web browser vendors that it is deceptive and should be blocked. Once a site is reported as deceptive, the browser displays a warning before showing the page.

Firefox

  1. Select Help > Report Deceptive Site
  2. Paste the URL of the phishing site
  3. Click I am not a robot
  4. Submit Report

Internet Explorer

  1. Select Settings
  2. Select Safety > Report unsafe website
  3. Select “I think this is a phishing site”
  4. Enter the Captcha
  5. Submit

Chrome and Safari

  1. Visit https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
  2. Paste the URL of the phishing site
  3. Click I am not a robot
  4. Submit Report

Microsoft Edge

  1. Visit the site you believe is unsafe.
  2. Click the menu icon (“…”) in the top-right of the Edge interface.
  3. Select “Help and feedback” > “Report unsafe site”.
  4. Fill out the form to complete your submission.

NOTE: If a compromised account is found on a University system, CITeS Systems Engineers will disable the account immediately, without prior notification!