The UG is taking new measures to prevent hackers from attacking its network. Therefore, we have been subjected to the mandatory password change, and soon the university will require two-factor authentication for all its users. These measures will make it more difficult for attackers to gain access to the university’s networks. However, no matter how strong your password is, you should never forget that people are the weakest link in the security chain. That’s why we are often responsible for the failure of security systems.
During the corona pandemic we have observed a tremendous increase in phishing, scams, and ransomware. These acts of cybercrime pose severe threats to our security as individuals. I would like to focus on phishing attacks, since these are the work of individuals with extensive knowledge of the art of deception. These people or organizations are called con artists. They are good at making people believe things that are not true. For example, they will impersonate organizations with which we interact daily, like government agencies, schools, and banks.
Personally, I received an email from someone who was impersonating the university and saying that there were two blocked incoming messages. It looked like a legit email, since the domain the mail originated from does officially belong to the university. However, due to either an improperly configured mail server or email spoofing, the attackers were able to make it appear as if the email was coming from the university. When I clicked on the link, sandboxed of course, I noticed that the domain was in India. The page looked like Nestor; however, the font size was not correct, and it looked like a cheap Alibaba version. At that point I realized that there was something wrong and did not proceed to enter my personal information.
This is one reason why we need to be careful and double-check when entering our information on suspicious-looking websites. Don’t forget that hackers nowadays are able to create websites that look identical to those of official organizations in order to harm people (e.g. by stealing money or identities). They use old tricks, disguised in new tools.
Disclaimer: It’s often relatively easy to avoid phishing attempts. Just be suspicious, avoid clicking on strange links, and generally do your best to not give the attackers anything to work with.
This article is written by Berke Aslan