Detecting phishing emails – more dodgy emails doing the rounds

Today we have had a number of enquiries from staff who have received emails which look as if they might have come from admin@stir.ac.uk.

 

These are the latest round of phishing emails, designed to trick you into thinking that you are required to undertake a task of some sort (such as validating your email address, or clicking to claim more file store).  They are malicious attempts to acquire your network username and password.

 

How do you know if an email of this sort is genuine?

Here are a few pointers / things to think about if you are not sure about the validity of an email:

 

1.  Information Services / the uni will NEVER send you an email asking you to click a link to validate your account details.  Don’t ever give your network password to anyone.

2.  If an email looks suspicious to you, you’re probably right to be suspicious.

  • Pay close attention to the ‘From’ address.  The latest spate of emails looked something like this:
    admin@stir.ac.uk [mailto:juan.munoz@usach.cl]
    so the email address being spoofed is admin@stir.ac.uk but the real email address behind the spoof is juan.munoz@usach.cl.
  • Watch out for suspicious-looking web addresses, e.g. http://mail-stir-ac-uk-owa-auth-logon-aspx-repl.weebly.com/  (it’s unlikely that IS would send out a web address from weebly.com).
  • Bad grammar / poor English is usually a sure sign that the sender is not from an organisation.  In IS our grammar ain’t that bad usually.
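
For anyone who filters or triages reported mail, here are the ‘From’ and web address checks above written as code. This is an added example, not code used by Information Services; the function names and the samples marked "constructed" are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ORG_DOMAIN = "stir.ac.uk"  # the organisation's own domain, as used on this page

# Real sender as shown in a raw header (<addr>) or by the mail client ([mailto:addr]).
REAL_RE = re.compile(r"(?:<|\[mailto:)\s*([^\s<>\[\]]+@[^\s<>\[\]]+)\s*(?:>|\])")
# Any email address appearing in the display text.
SHOWN_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def in_org(host, org=ORG_DOMAIN):
    """True when host is the org domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == org or host.endswith("." + org)


def spoofed_from(from_line, org=ORG_DOMAIN):
    """Display text shows an org address, but the real sender is outside the org."""
    real = REAL_RE.search(from_line)
    if not real:
        return False  # no separate real address to compare against
    real_domain = real.group(1).rsplit("@", 1)[1]
    shown = SHOWN_RE.search(from_line[:real.start()])
    return bool(shown) and in_org(shown.group(1), org) and not in_org(real_domain, org)


def lookalike_url(url, org=ORG_DOMAIN):
    """Host spells out the org domain (dots or hyphens) but is not under it."""
    host = (urlsplit(url).hostname or "").lower()
    if not host or in_org(host, org):
        return False
    squashed = re.sub(r"[.-]+", "-", host)  # treat dots and hyphens alike
    return org.replace(".", "-") in squashed


if __name__ == "__main__":
    for s in ["admin@stir.ac.uk [mailto:juan.munoz@usach.cl]",   # from the post above
              "Information Centre <infocentre@stir.ac.uk>"]:     # constructed
        print(spoofed_from(s), s)
    for u in ["http://mail-stir-ac-uk-owa-auth-logon-aspx-repl.weebly.com/",  # from the post
              "https://www.stir.ac.uk/"]:                                     # constructed
        print(lookalike_url(u), u)
```

Neither check catches a sender who uses a plain display name such as "IT Admin", so treat a clean result as "not flagged" rather than "genuine".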

 

Hopefully these tips will help you to detect phishing emails.  You can read more about phishing in our previous blog postings:

 

 

Information Centre
Stirling University Library
infocentre@stir.ac.uk