October is Cyber Security Awareness Month and we are reminded of frequent Phishing attacks within the university setting. Phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
One such attempt started late last week in which CWRU email users received spam targeting CWRU’s Single Sign-on service. The email reads:
We detected irregular action on your e-mail system on October 3, 2010. As the Primary owner, you must verify your account activity before you can continue using your account, and upon verification, we will remove any restrictions placed on your account. Click on the link below: https://convincing fake link (removed for security reasons)
Do not click the link! Doing so directs users to a fake Single Sign-on login site that closely replicates CWRU’s page. If you provide your CWRU Network ID and password through the fake site, or to anyone, then others can steal your campus identity, spam other institutions, and gain access to other applications within your department. Both sites hosting the fake SSO pages have been shut down. Users are advised to beware that such attacks occur on a weekly basis. Visit http://help.case.edu/Article/45/articleId__27196/cat__Information+Security/
If you have given your credentials to these fake sites, change your CWRU Network ID password immediately and contact the CWRU Information Technology Services Help Desk at 216.368.HELP (4357). If you have any questions or concerns about an email you think might be a fake, contact your local IT support person or the Help Desk for assistance.