Over the last few days we have seen a large number of phishing emails arriving in staff inboxes. The latest ones have been sent from internal email addresses, so they may even appear to have come from someone you know. Hackers are able to send these emails because they have tricked a member of our community into answering an earlier phishing email (see below for some of the standard types of email which are common). Once that staff member has given up his/her network account details, the hackers log into the account and send out thousands more phishing emails FROM that staff member’s account. These are far more dangerous, as they have an air of authenticity from having come from a Stirling email account.
At this point, the hackers have access to the university network, including the private home folder (H: drive) and all shared folders (S: drive) of the hacked user, plus all business and any personal information stored in their mailbox.
It is also possible for hackers to “spoof” the email address of one of our users so that an email will appear to have been sent from a Stirling email address, e.g. firstname.lastname@example.org or email@example.com or similar. In these cases the underlying account has not been compromised, but the hackers hope to make their email look authentic by using familiar email addresses.
How to avoid becoming a victim of a phishing email
The bottom line is you must NEVER give your network password to ANYONE no matter who you think they may be. Information Services / the Information Centre will never ask you for your password, and neither should anyone else.
Common types of phishing emails
Usually phishing emails claim to be from the university or from the helpdesk, and invariably ask you to click on a link to update your account because your email quota has been reached, or give some similar message of impending technical disaster. These are the subject lines of some of those going around recently:
- ‘Warning Alert!’
- ‘FINAL WARNING’
- ‘Emergency notice’
- ‘Final Warning Notification’
These are malicious emails which are designed and sent out in their millions to target institutions like the university, in the hope that someone amongst us will click the link to their site and enter a university username/password. They are looking for a way in to hack institutional systems or to steal personal information from users.
For more detailed information about how to handle suspicious email, see our blog post about phishing: http://blogs.stir.ac.uk/isnews/?p=3144 Microsoft also has some advice on identifying phishing emails on its site: http://www.microsoft.com/en-GB/security/online-privacy/phishing-symptoms.aspx
If you have recently answered one of these emails and given away your password, please contact the Information Centre immediately.
We do not need to be informed when you receive suspicious emails; our advice is always to simply delete them, as there is nothing we can do initially to block them. Staff email accounts are automatically disabled if they are believed to have been compromised by phishing; however, it takes some time to detect this activity, and you may continue to receive such emails during this period.
BE VIGILANT, BE SAFE.
Stirling University Library