Wednesday, June 17, 2015

Reminder: Don't Be Hooked by Phishing

From time to time, we remind readers of email frauds including "phishing" attacks specifically aimed at UCLA. If you get an email, supposedly from UCLA, saying you somehow have to renew or reactivate your email account, delete it. Do not click on any link provided.

Apparently, there is a current phishing attack against UCLA. Here is a notice I received from the folks who run the Anderson system:

The UCLA IT Security Office has reported that there is a new phishing email that has been making its way across campus.  Apparently, it originated from a legitimate UCLA email account that had been compromised.   If anyone has received a message like the one posted at the end of this notice, please just delete it.   If anyone actually followed the link in the original email and entered his/her credentials on its website, he/she should consider their credentials compromised and must change them.

The phony phishing email in question below has all the hallmarks of fraud including strange English since the attacks are often of foreign origin. "Current" is capitalized. No space between 24 and hours The first two sentences are separated by a comma. "...loose access to your account soon as..."  Etc.

Your Current password will expire in the next 24hours , you are here by directed to kindly click on Sign in to kindly reset your password or you will loose access to your account soon as your password expires.
NOTE: Your login will time out after 60 minutes. Your responses will be lost if you do not click on the "Sign in" button before 60 minutes lapses. There is no prompt when your 60 minute session has expired. Please save extensive comments periodically and check your time.

Again, ignore all such messages and delete them.

No comments: