Friday, 10 January 2014

Sophisticated new phishing attack



The University has been targeted by a sophisticated phishing attack. By bringing many of the tricks we’ve seen previously in other phishing emails the attackers have crafted a very convincing email that directs you to a website designed to steal your sensitive information.

Spoof Email

To draw people into the scam the attackers:

  • Spoofed their sending address so that it appeared to come from Helpdesk@sheffield.ac.uk
  • Included the Helpdesk contact details to make it more convincing
  • Included a threat that your account will be closed, to scare people into responding promptly

Once the link has been clicked, people are taken to a spoof website.

Spoof Website

To convince people the website is real the attackers have:

  • Copied the University’s main sign in page
  • Reused a familiar part of University web addresses in their own website address
  • Redirected people to the University website after capturing their credentials


We have seen all of these techniques before, but this is a particularly well executed attack. There are two key things to look out for when you are asked to authenticate yourself or submit sensitive information (such as banking details):

  • The domain (everything after http:// or https:// and before the first /) did not end with shef.ac.uk or sheffield.ac.uk
  • The site was not secure (look for https in the web address and the padlock icon)
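The two checks above can be written down precisely. The following is an added example (not code from the original notice) that parses an address and applies both rules; it also catches the "familiar part of a University address" trick, where shef.ac.uk appears in the path, in a longer host name, or before an @ sign. The sample addresses are constructed for illustration and are not the attacker's real address, which the notice does not quote.

```python
from urllib.parse import urlsplit

# Domains that the notice says a genuine University sign-in address ends with.
TRUSTED_SUFFIXES = ("shef.ac.uk", "sheffield.ac.uk")


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True only if host is a trusted domain or a subdomain of one.

    A plain endswith() test would accept 'notshef.ac.uk', so the host must be
    the domain itself or end with '.' followed by the domain.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def check_login_url(url):
    """Return a list of warnings; an empty list means both checks passed."""
    warnings = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        warnings.append("not https")
    # hostname ignores any 'user@' prefix and port, so 'shef.ac.uk@other.example'
    # is correctly resolved to 'other.example'.
    if "@" in parts.netloc:
        warnings.append("text before @ in address disguises the real host")
    host = parts.hostname or ""
    if not host_is_trusted(host):
        warnings.append("domain '%s' is not a University domain" % host)
    return warnings


# Constructed sample addresses; 'example.invalid' stands in for an attacker host.
SAMPLES = [
    "https://muse.shef.ac.uk/",                       # genuine
    "http://www.shef.ac.uk/cics/phishing",            # University site, but not https
    "http://shef.ac.uk.example.invalid/muse/login",   # familiar name inside a longer host
    "https://example.invalid/shef.ac.uk/muse",        # familiar name in the path only
    "https://shef.ac.uk@example.invalid/",            # familiar name before an @ sign
    "https://notshef.ac.uk/",                         # suffix lookalike
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample) or "OK")
```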

Spotting phishing

We do sometimes send legitimate messages that include links to systems such as MUSE. Whenever you receive such a message you must check that the site you are being directed to really is owned by the University. Please see our phishing web page and video to learn how to spot a phishing attack:

http://www.shef.ac.uk/cics/phishing

Reporting phishing

We were able to greatly reduce the impact of this attack because recipients alerted us very quickly. If you ever receive a phishing email, please forward it to phishing@sheffield.ac.uk

We will take the following action:

  • Blocking the phishing site on campus
  • Warning other recipients of the email
  • Reporting the site to the appropriate authorities
  • Adding the site to the Google Chrome, Firefox and Internet Explorer blacklists

If you see a phishing email, please forward it to phishing@sheffield.ac.uk and mark it as spam; that way both we and Google will know to take action.