Published on Computing & Communications Services (https://www.uoguelph.ca/ccs)

Home > InfoSec Blog - Phishing Alert!

InfoSec Blog - Phishing Alert!

July 19th, 2017

Yesterday a large number of users on campus received a targeted phishing email impersonating President Vaccarino.  The email contained a link to a page made to look very similar to our single sign-on page which would steal any credentials that were entered. This incident serves as a reminder of the constant dangers associated with phishing, as any stolen credentials could be used to perform malicious activities, such as accessing our systems and data, spreading malware, or initiating additional phishing campaigns.

How We Responded

The Information Security team takes phishing attacks very seriously, especially those that impersonate University administration or the Help Center.  As soon as we became aware of this message, we took immediate action to stop the flow of these emails and to limit the potential impact to campus. Specifically, we blocked the senders of these emails, blocked the URLs they were linking to on campus, and reported the URLs to the appropriate authorities.  

How to Recognize this as a Phishing Email

Illustration of Phishing Email Received

What To Do If You Clicked the Link

While these actions were completed as quickly as possible, there is the potential that some users clicked on the link within the email and completed the form. If you did complete the form, please change your Central Login password immediately, and check your account for any suspicious activity. For example, in Office365 verify that email forwarding has not been enabled. Please contact the CCS Help Center if you require any assistance with this.

Additional Resources

The InfoSec website has a large number of blog posts on a wide range of security topics and we keep adding new content every month. Please take this opportunity to review these materials and remind your community of these resources. Here are a few posts specific to phishing:

  • Do You Know How to Recognize a Phishing Scam? [1]
  • The Impact of Phishing [2]
  • Genuine Login Page or Phishing Page? [3]
  • Spear Phishing and Whaling [4]
  • Learn What It Takes to Refuse the Phishing Bait! [5]

 

As always, please engage the Information Security team if you have security concerns or to report an incident (infosec@uoguelph.ca [6]). 

 

Written by: Stephen Willem (Manager, CCS Information Security)

Keywords: 
Phishing [7]
scam [8]
security attack [9]

Our Vision

To be technology and knowledge solution leaders, partnering with University communities, enabling excellence in teaching, learning and research.

Our Purpose

Changing lives, improving life by enabling our community.

Our Core Values

Service Culture, Integrity, Individual Leadership, Teamwork, Agility, Communication

Find us on Social Media

  • RSS - RSS

  • YouTube - CCS – University of Guelph

  • Twitter - U of G CCS IT Service Desk

About CCS

Computing & Communications Services (CCS) is U of G’s central IT department, providing core IT services to the greater campus community.

Click4Assistance UK Live Chat Software

Source URL:https://www.uoguelph.ca/ccs/infosec/phishing_july2017

Links
[1] https://www.uoguelph.ca/ccs/news/do-you-know-how-recognize-phishing-scam [2] https://www.uoguelph.ca/ccs/infosec/phishingimpact [3] https://www.uoguelph.ca/ccs/infosec/evcertificates [4] https://www.uoguelph.ca/ccs/infosec/whaling [5] https://www.uoguelph.ca/ccs/infosec/whenindoubt [6] mailto:infosec@uoguelph.ca [7] https://www.uoguelph.ca/ccs/tags/phishing [8] https://www.uoguelph.ca/ccs/tags/scam [9] https://www.uoguelph.ca/ccs/tags/security-attack