Protecting sensitive data
October is Cyber Security Month
Forged web sites are commonly used for phishing attacks. Attackers set up fake (or forged) web sites that mimic legitimate ones to trick you into handing over sensitive information such as your username and password. Learn what to look out for and how to protect yourself with these easy tips.
An attacker will include the link to their fake web site in their email, enticing you to click on the link that takes you to a fake login form. The login form appears to be authentic, but the site is really controlled by an attacker. This means anything you enter into the form, such as your username and password, is captured by the attacker and they can use the information to:
- Gain access to your finances and accounts.
- Gain control of your computer and/or network.
- Gain access to the University’s network and other resources.
To make things more difficult, attackers often impersonate members of authority like HR or IT departments to gain your trust. For example, an email, made to look like it is coming from your IT department, may direct you to click a link to reset or review your password. After clicking the link in the email, you are brought to a fake login page that the attacker uses to collect your username and password.
How can you protect yourself?
Just because a web site includes a company’s logo or looks like a real page, doesn’t mean that it is! Banners, logos, and color schemes, from legitimate web sites are easy for attackers to mimic to build a false sense of trust. To avoid forged web sites, before you click a link within an email look out for the following:
- Was the email sent by an unknown sender?
- Is the email unsolicited?
- Are there any missing or replaced characters?
- Is the link a shortened URL?
If you’ve answered “yes” to any of these questions, you may have received a phishing link and you should delete the email or forward the email to spam [at] umanitoba [dot] ca.
If you click a link and you are at all unsure about a web site, do not sign in or provide any information. Close your browser and forward the email to spam [at] umanitoba [dot] ca.
Information security starts with you!
If you receive an email and you are unsure if the attachment is malicious, delete the email or forward it to spam [at] umanitoba [dot] ca. If you have downloaded an attachment that you think could be malicious contact the Service Desk immediately at 204-474-8600 or servicedesk [at] umanitoba [dot] ca. For more information about Phishing visit http://umanitoba.ca/computing/ist/security/phishing.html