This weekend LSE was targeted by a sophisticated phishing/spoofing email purporting to be from the IT Service Desk.
The message claimed to be about the ‘Spectre’ and ‘Meltdown’ vulnerabilities and asked you to click on a link to take you to a quarantine portal for security reasons.
A spoofing* email is sometimes very hard to spot because it uses real recognisable information (in this case the correct contact details used in the email signature) and as with most malicious messages, plays on a sense of urgency or makes an alarming claim.
What to look out for
Spoofing/scam or phishing attempts, often contain similar types of messages. Examples of topics include:
- Your email has been suddenly stopped, and you need to click on a link and enter your username and password to reactivate it
- There are emails that have been held back, and you need to click on a link and enter your username and password to access them
- You need to click on a link and enter your username and password in order to upgrade your email account
- Or in this case: ‘… the IMT support team discovered Meltdown and Spectre attack… kindly click here to log into IMT quarantine portal…’
As the emails are not genuine, one other way to spot them is by looking at who has actually sent the message and where the links point to.
To check the link location, hover your cursor over the hyperlinked text and the true url will be revealed. From here you should be able to tell it is not pointing to a legitimate LSE source.
The same scrutiny should apply to the ‘From’ field, genuine messages will be coming from firstname.lastname@example.org not from Ksw6@leicester.ac.uk as it was in this case.
Essentially when in doubt, please don’t click on any links and contact us to verify and check the email.
To report a suspicious email, use the following steps:
- Create a new email in Outlook, with ‘Phishing Attempt’ in the subject line
- Drag and drop the phishing email into the email you are preparing to send
- Send to: email@example.com
To report a phishing email in Office365, please use the ‘Junk’ – ‘Phishing’ option.
You can also call us on 020 7107 5000 | x5000
For more advice on staying safe and secure online, please see the InfoSec webpages and articles on the LSE IT News Blog:
*Spoofing refers to a situation where a person or programme masquerades as another by falsifying data.