InfoSec Blog - Genuine Login Page or Phishing Page?

 

October 20, 2016

When an IT change takes place at the University of Guelph, hackers are more active. For example, in the summer of 2016, when the University transitioned the staff email system to the new Gryph Mail Office 365, there were renewed attempts to lure our users with phishing emails containing links to an illegitimate login page.

Example of an Illegitimate SSO login page

(Image Credit: Dave Tocek, Lab Services)

 

The example phishing page above looks identical to the University SSO login page provided by CCS. It even had our new design - the responsive theme which was added during the Gryph Mail transition.  But there were still two differences:

  1. It was served from an external server (see the address circled above) instead of from the CCS servers on the uoguelph.ca domain
  2. It was not signed with the University of Guelph digital certificate

 

Hopefully UofG users did not follow the link within that email and did not try to sign in. If they had, they would have revealed their credentials to the hackers.

 

So how can we tell the genuine University of Guelph SSO login page from a bogus/phishing page?

This is where the digital certificate becomes critical: it not only helps to secure communication with the server, it also verifies the server's identity. The University SSO service is secured with a certificate of the highest assurance, the so-called Extended Validation (EV) certificate, which makes it easy to verify the source of the presented content. When most modern web browsers encounter such an EV certificate, they display the company name right beside the address in the address bar and often colour it green. See the browser examples below:

Firefox

Genuine SSO login page confirmed in Firefox

 

Chrome

Genuine SSO login page confirmed in Chrome

 

Internet Explorer

Genuine SSO login page confirmed in IE

 

Takeaways

When you are signing in via the UofG SSO, please look for the "University of Guelph" designation in the address bar. If you see it, then your credentials will stay with the University.

If you are interested in the technical details behind digital certificates and the various tools that use them, you can start, for example, with the documentation of the open-source OpenSSL project: https://www.openssl.org/docs/.
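The two checks described in this post (is the page served from the uoguelph.ca domain, and does its certificate name the University) can also be expressed in code. The following Python sketch is an added example, not code from the University or CCS. It assumes the certificate was already chain-validated and is given as a dictionary shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; the host names and certificates are constructed samples, and the organization field alone does not prove that a certificate is EV.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uoguelph.ca"           # domain named in the post
EXPECTED_ORG = "University of Guelph"    # name the post says to look for


def host_in_domain(url, domain=TRUSTED_DOMAIN):
    """True only for an https URL whose host is the domain or a subdomain."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so text placed in
    # front of the real host cannot satisfy the check.
    host = (parts.hostname or "").rstrip(".").lower()
    # Matching on "." + domain keeps look-alike names that merely end
    # in the same letters from passing.
    in_domain = host == domain or host.endswith("." + domain)
    return parts.scheme == "https" and in_domain


def cert_organization(cert):
    """Return the subject organizationName, or None if the field is absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def looks_genuine(url, cert):
    """Both checks from the post: right domain and right organization."""
    return host_in_domain(url) and cert_organization(cert) == EXPECTED_ORG


# Constructed sample data (hypothetical host names, not real endpoints).
GENUINE_URL = "https://login.uoguelph.ca/sso"
LOOKALIKE_URL = "https://uoguelph.ca.login.example/sso"
GENUINE_CERT = {"subject": ((("countryName", "CA"),),
                            (("organizationName", "University of Guelph"),),
                            (("commonName", "login.uoguelph.ca"),))}
# A domain-validated certificate carries no organization name at all.
DV_CERT = {"subject": ((("commonName", "uoguelph.ca.login.example"),),)}

if __name__ == "__main__":
    for url, cert in ((GENUINE_URL, GENUINE_CERT), (LOOKALIKE_URL, DV_CERT)):
        print(url, "->", "genuine" if looks_genuine(url, cert) else "suspicious")
```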

If you would like to get more information please contact the Information Security team.  

 

Written by: Zdenek Nejedly (Identity and Access Management Analyst, Information Security)