SLU Security would like to make you aware that SLU is having trouble with phishing attempts on the Episerver login page. Employees are receiving emails that look like they are from IT which say that you have to log in.
Because the phishing emails are well made, more and more people fall victim to them. If you have accidentally logged in on a phishing page, the attackers get access to your user name and password. This is serious, since they can then log in to SLU’s system and send spam from your email address, among other things.
Below is an example from 15 January this year. The site http://stod-slu.ml/ was disabled by SLU’s firewalls for about 15 minutes after CSIRT (the Computer Security Incident Response Team) at SLU became aware of the problem. The same phishing email was sent to SLU employees on 14 February.
From: IT-Support | SLU <firstname.lastname@example.org>
Subject: [IT] University Mailbox Quota Exceeded!
Date: 22 January 2018 at 15:22:13 CET
Your univeristy mailbox quota has exceeded it's limit, you may not be able to send/receive more emails.
Please delete any item you don't need from your mailbox and empty your Deleted Items folder OR FOLLOW HERE to enable automatic increase your mailbox storage.
The office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch.
With kind regards,
Your IT-Stöd Team
SLU, Sveriges lantbruksuniversitet
Information Technology (IT)
© 2018 Information Technology Services (IT). All rights reserved.
If you click on FOLLOW HERE, you are taken to what looks like an SLU login page. If you look at the address, you can see that it is not. If you accidentally enter your information on a fake login page, contact IT Support immediately to change your password. It is also important to notify IT Support so they can prevent others from being affected.
The real SLU login page and address look like this:
This is the fake page:
This information comes from SLU Security and CSIRT. If you need help, please contact IT Support.