Posted: June 2016
Phishing is a form of fraud, in which an attacker tries to learn private information (such as login credentials) by masquerading as a reputable entity or person (usually via email). The following is an actual phishing email that was sent within our UM community:
If you recognized this email as spam/phishing and immediately deleted it, thank you for being vigilant. If you opened the message and clicked on the link, please be aware that attackers often include links in emails to lure you to fraudulent websites where they can collect your login credentials and/or malicious software can be downloaded to your device(s).
To investigate where a link will take you, hover over the link with your mouse pointer (as seen in the screen shot below). If the URL appears to be from outside the University or does not match the link, then it is most likely a phishing email.
Criminals have access to tools that replicate legitimate company sites. In this case, the UM Single Sign-On webpage was replicated. A key indication of whether a site is real or not is the URL. Take a look at the phishing attack URL in the address bar below (the real UM Single Sign-On page will display as https://caneid.miami.edu/ or https://caneidhelp.miami.edu/caneid/):
Phishing is an ongoing challenge for the University of Miami and many other institutions and businesses around the world. For this reason, UMIT Security is offering supplemental training in ULearn. To access the training, visit http://ulearn.miami.edu and enter Phishing - Don’t Get Hooked into the search bar, located on the top right-hand corner of the page. Select the course and register.
To learn more about phishing and learn how keep your identity safe, please download UMIT's Phishing 101: How to Spot a Phishing Attempt and Phishing 101: Tips to Protect Yourself documents. If you suspect you may be a victim of phishing, or would like help setting up Multi-Factor Authentication, please contact the UMIT Service Desk at: (305) 284-6565 or email@example.com.