Phishing
Phishing refers to different types of online scams that ‘phish’ for your personal and financial information (e.g., your passwords, PPS number, bank account information, credit card numbers, or other personal information).
These communications claim to come from a legitimate source: a well-known software company, online payment service, bank, or other reputable institution. Some will use an organisation's email address, logo, and other trademarks to fake authenticity. Phishing messages may also appear to be from a trusted friend or colleague.
Phishing communications can come from a growing number of sources, including:
- Phone calls
- Fraudulent software (e.g, anti-virus)
- Social Media messages (e.g., Facebook, Twitter)
- Advertisements
- Text messages
More sophisticated attacks, known as spear phishing, are personalised messages from scammers posing as people or institutions that you trust. They often collect identifiable information about you from social media or the compromised account of someone you know to make their messages more convincing. Never transmit sensitive information over email or social media, even if the communication requesting information appears to be legitimate.
Signs of phishing include:
- Ultimatum: An urgent warning attempts to intimidate you into responding without thinking. ‘Warning! You will lose your email permanently unless you respond within 7 days’.
- Incorrect URLs: Scammers may obscure URLs by using hyperlinks that appear to go to a reputable site. Hover your mouse over any suspicious links to view the address of the link. Illegitimate links often contain a series of numbers or unfamiliar web addresses.
- No signature or contact information: Additional contact information is not provided.
- Too good to be true offer: Communications about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.
- Style inconsistencies: Pop up windows that claim to be from your operating system or other software may have a different style or colours than authentic notifications. Communications that claim to be from a reputable organisation may be missing branding aspects such as a logo.
- Spelling, punctuation, or grammar errors: Some messages will include mistakes. ‘Email owner that refuses to update his or her Email, within Seven days’
- Attention-grabbing titles: "Clickbait" titles (e.g., "You won't believe this video!") on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.
Don’t be fooled! These are fraudulent communications that in most cases have nothing to do with the institution they claim to be affiliated with. Opening, replying, or clicking the links provided in these emails poses a serious security risk to you and the campus network.
Some of the risks involved are:
- Identity theft: Once you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.
- Virus infections: Some fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. Others may also install keystroke loggers that record your computer activity.
- Loss of personal data: Some phishing attacks will attempt to deploy crypto malware on your machine, malicious software that encrypts files on a victim’s computer and denies owners access to their files until they pay a ransom.
- Compromising institutional information: If your university IT account is compromised, scammers may be able to access sensitive institutional information and research data.
- Putting friends and family at risk: If your personal information is accessed, attackers will scan your accounts for personal information about your contacts and will in turn attempt to phish for their sensitive information. Phishers may also send emails and social media messages from your accounts in an attempt to gain information from your family, friends, and colleagues.
- Do not reply, even if you recognise the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
- Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.
- Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the communication and meant to send an attachment.
- Do not enter your personal information or passwords on an untrusted Web site or form referenced in this email.
- Report any suspicious messages that claim to be from DCU or contain a suspicious attachment or link to Google via the Report Phishing option located the right side of each email beside the Reply option. See below.
- Delete the message.
If you receive a suspicious email, you should contact ISS immediately by logging a ticket with the details, https://www.dcu.ie/iss
Email is not a secure method of communicating sensitive information. Remember that legitimate financial institutions never ask for sensitive information via email.
Check your bank and credit card accounts for any suspicious activity or unauthorised charges. Sign up for online statements if you do not already receive them to get the latest information.
Revenue.ie: "If you receive an unsolicited email purporting to be from Revenue with a link to a website you should ignore it. Revenue will never send emails which require customers to send personal information via email or pop-up windows."
To ensure that your email isn't mistaken for an infected message:
- Always include a clear, descriptive subject for your email.
- Consider using a signature, your name and contact information, on your email.
- Always include a mention of the attachment and a description of why you are sending it in the body of your email.
- Use a unique password for each of your online accounts. Many people reuse a favorite password for multiple accounts, but if one of these accounts is compromised, they will all be at risk of data breach. ISS recommend that you use a password generator to ensure that the same password is not reused.
- Run a full virus scan of your computer every month. To detect the latest viruses, you must use a current version of your anti-virus software and keep it updated. ISS recommend that you use MacAfee which actively checks your computer for anti-virus software, firewall protection, and web security, and threats in your open applications. Contact ISS for a licence of MacAfee.
- Update your device's operating system with the latest security patches, including your mobile operating system. Use Windows Update (Windows) or Apple Software Update (Macintosh) and enable automatic updates to receive security patches as soon as they are released.
- Keep your software updated, especially your Web browser, mobile operating system, Adobe Reader, and Flash Player.
McAfee Labs Threat Advisory PDF
Ransomware is a Malware/Virus that stops you from using your PC. It holds your PC or files for ransom.
There are different types of ransomware, however all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.
They can:
- Prevent you from accessing Windows.
- Encrypt files so you can't use them.
- Stop certain apps from running (like your web browser).
- Demand you pay money.
- Make you complete surveys.
- Often the ransomware will claim you have done something illegal with your PC, and that you are being fined by a police force or government agency.
- These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.
- There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
- File Encryptor - Encrypts personal files/folders (e.g., the contents of your My Documents folder - documents, spreadsheets, pictures, videos). Files are deleted once they are encrypted and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment. You may see a lock screen but not all variants show one. Instead, you may only notice a problem when you attempt to open your files.
- WinLocker - Locks the screen (presents a full-screen image that blocks all other windows) and demands payment. No personal files are encrypted.
- MBR Ransomware - The Master Boot Record (MBR) is a section of the computer’s hard drive that allows the operating system to boot up. MBR ransomware changes the computer’s MBR so the normal boot process is interrupted and a ransom demand is displayed on screen instead.
As with a lot of malware, the majority of ransomware is targeted at the Microsoft Windows operating system.
- Avoid opening any attachment emailed to you that you were not expecting or can not be verified from a known source.
- Watch out for emails with attachments suggesting you must reply quickly or 'act fast' and hence, feel compelled to open the attachment quickly - without considering the source.
- It’s essential to check the content of the messages you receive by email. As well as the content of emails, their attachments have become a very common method for propagating malware, which is one of the main means of infection by ransomware. For this reason, practices like checking the sender of a message, taking care of offers that sound just too tempting to resist, checking that it is really an email that has been sent, and not clicking on suspicious links are basic measures to take in order to avoid falling victim to tricks that might result in infection.
- For the record, we are Information Systems Services (ISS) and any communication from us should be personally signed – if in doubt, look up the sender from the DCU phone directory: here
If you think that you may have been infected please contact Information Systems Services (ISS) immediately: iss.servicedesk.dcu.ie or call ISS on (01) 700 5007