Tag Archives: phishing

Security

University: Anti-phishing not really a “policy”

Bogus Citibank login from phishing emailThe University of Minnesota’s HR department send me an email in January telling me that I had to submit to a background check. The good news: I do them all the time.

The bad news: the background check company can only complete the check if you follow a URL embedded in an email.

This is how phishing emails work. The email comes from a convincing-sounding source, like the University’s HR department, or some third-party on their behalf. You respond to it, only to find that it really wasn’t the HR department collecting the information.

Bottom line: you can’t trust email. No matter how many times it says “This isn’t a spam email,” or “This isn’t a phishing email,” you can’t trust email.

[Update 5 January 2018: The UMN HR department has sent me TWO possible phishes as I prepare to take up my reappointment. I passed this to the IT Security people. They have ‘spoken to’ the HR department, and they started a phishing blog.]

Continue reading University: Anti-phishing not really a “policy”

Security

My invitated – a classic phishing attack

Your InvitatedPhishing emails can be tiresome. Sometimes, though, they are classically bad. Even better, this one uses an old-school strategy to get you to click on a suspicious link.

The domain name is “nytijmes.com” which at first glance appears to go to a more-or-less legitimate news site. The extra “j” in “nytimes” is easy to overlook.

Continue reading My invitated – a classic phishing attack