Phishing continues

in Security Alerts for BU
April 23rd, 2014

The phishing scammers are at it again.

We have received several reports this morning of the message below being received by members of our community. This is the kind of phishing message we believe was responsible for the direct deposit problem we reported earlier this month, and the scammers are trying to use the fact that they were successful last time to continue and extend their crime. This message claims to be from security and talks about protecting you from the evils of phishing.

If you have already inadvertently clicked on this message, please contact the IT Help Center for assistance with resetting your password.

The way you can really tell that this message is a fake is that it claims to be from BU, and even uses our logos, but it sends you to a link that is not a bu.edu link.

A real BU link will always have “.bu.edu/” in it.
There is always a dot before bu and always a slash after edu.

These are examples of legitimate URLs:

You can see in the message below that they are trying to look like a BU URL by including “bu.edu”, but it is not preceded by a dot as shown above. A small but crucial difference.

[Image: Jan14phish, the phishing message]
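The dot-before, slash-after rule can be checked mechanically by parsing out the host name of a link and testing how it ends. The following is an added example, not part of the original alert or any BU tooling; the function names and the sample URLs on example.com are constructed for illustration. It also shows why the test belongs on the host name rather than on the whole link text.

```python
from urllib.parse import urlsplit

# The alert's rule: a dot before "bu" and a slash after "edu",
# i.e. the host name itself must end in ".bu.edu".
REQUIRED_SUFFIX = ".bu.edu"

def is_bu_link(url):
    """Return True only when the URL's host name ends in .bu.edu."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""   # lowercased, without port or user info
    except ValueError:                # malformed URL: treat as not a BU link
        return False
    if parts.scheme not in ("http", "https"):
        return False
    return host.rstrip(".").endswith(REQUIRED_SUFFIX)

def naive_check(url):
    """Substring test, for comparison: passes if ".bu.edu/" appears anywhere."""
    return ".bu.edu/" in url

# Constructed sample links; the first two paths come from the alert itself.
SAMPLE_URLS = [
    "https://weblogin.bu.edu/something",
    "http://www.bu.edu/tech/phishing",
    "http://loginbu.edu.example.com/",    # "bu.edu" with no dot before it
    "http://www.bu.edu.example.com/",     # ".bu.edu" followed by a dot, not a slash
    "http://example.com/.bu.edu/login",   # ".bu.edu/" only in the path
]

def audit(urls):
    """Return (url, host_check, substring_check) for each link."""
    return [(u, is_bu_link(u), naive_check(u)) for u in urls]

if __name__ == "__main__":
    for url, host_ok, naive_ok in audit(SAMPLE_URLS):
        print(f"{'BU' if host_ok else 'NOT BU':7} substring={naive_ok!s:5} {url}")
```

The last sample passes the substring test but fails the host-name test, so a mail filter or script should apply the rule to the parsed host.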

Another few things to look for:

  • If you are prompted to Web Login, make sure it is the authentic BU Web Login page which begins with https://weblogin.bu.edu/something
  • And remember that BU will NEVER ask you for your password or ask you to “verify” it; nor would any other legitimate business or institution. It is important that you safeguard your passwords and never give them to anyone.

For more good ways to detect phishing, go to: http://www.bu.edu/infosec/howtos/how-to-detect-phishing/

Additional information on phishing is provided by IS&T at http://www.bu.edu/tech/phishing

 

Making your spam/phishing filter more effective

Mail that is clearly spam is filtered for you, automatically. However, one person’s spam might be another person’s research project, so other messages are simply tagged as suspicious and then allowed to go through. You can decide how to handle suspicious mail that does get through, following the tips for Managing Spam provided by IS&T at http://www.bu.edu/tech/comm/email/unwanted-email/spam/

 

 

Reporting Phishing

If you see a phishing message, please send it, with full headers, to abuse@bu.edu

For details on how to do this, see: http://www.bu.edu/tech/comm/email/unwanted-email/report-abuse/

 

Thank you all for your attention and help in fighting this problem.

Quinn R Shamblin

Executive Director of Information Security, Boston University