[CCoE Notice] FW: UH Infomation Update

Luong, Kiet A KDLuong at Central.UH.EDU
Thu May 5 10:03:12 CDT 2016


Good morning,

Many of us received the email below sometime this morning, and some may be wondering whether it is legitimate. Please analyze this email using the malicious email strategies I mentioned in my previous emails, and see if you can identify all the “red flags” that make this email what it is. Below are the red flags that I’ve identified.

1. The “From” email address appears to be an @ohio.edu email address. To confirm whether the email address is what it appears to be, hover the cursor over the email address to reveal its real one. In this case, the email address is as it appears. However, this is a non-UH email address in a supposed UH email update request.

2. The brevity of the email is extremely alarming, and there’s hardly any information for us to verify against, including the signature of the UH employee who is supposed to have sent it. The signature is broad and mentions UH Security in the hope of lowering our guard, but we all know the UIT security team does not sign emails without additional information. UIT Security also usually suggests you work with local college technical support for issues, which means we will be contacting you if an issue actually occurs that needs your action.

3. The link in the email to update our email accounts points to the web address http://komornikkatowice.eu/-/uh.eduwemail/email.uh.edu.htm. Keep in mind that the first portion of the web address is where the link will take you, and not the rest of the web address. In this case, the link takes you to komornikkatowice.eu, which is a country code web address for European Union member states, and not to email.uh.edu.htm, which is what the end portion falsely suggests. This is obviously not a UH web address to update our email account.

4. Legitimate UH employees will never ask you to click on a link to update any accounts. If they do, email them back using a known address from the exchange server or UH directory, and ask them to confirm the message.

Hope you’ve arrived at the same conclusion as I did, that this is not a legitimate UH email.  The strategies to analyze other malicious emails are very similar, even though the emails are all different.  For future suspicious emails, please analyze them yourself first, then forward me both the suspicious email and your analysis so I can help you formulate good strategies in recognizing malicious emails.

Thanks,

Kiet Luong
Director of Engineering Computing
College Information Security Officer
Cullen College of Engineering
University of Houston
Email: KietL at uh.edu
Voice: 713.743.9974

From: UH.edu [mailto:at463912 at ohio.edu]
Sent: Thursday, May 05, 2016 8:46 AM
To: Me
Subject: UH Infomation Update

Click Here To Update Your Email Account<http://komornikkatowice.eu/-/uh.eduwemail/email.uh.edu.htm>

UH SECURITY Department
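
Red flags 1 and 3 from the analysis above can be checked mechanically. The following is an added example, not part of the original email: it compares the sender's address domain with the organisation named in the display name, and reports the host a link really goes to, going slightly beyond the message by also catching the organisation's domain used as a decoy in the userinfo, host or query. The function names and the `sender` local part are assumptions; the link is the one quoted in the message and is only parsed, never fetched.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

def in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def sender_flags(from_header, org_domain):
    """Red flag 1: display name invokes the organisation, address does not."""
    display, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2].lower()
    if org_domain in display.lower() and not in_domain(sender_domain, org_domain):
        return [f"display name says {display!r} but address is @{sender_domain}"]
    return []

def link_flags(url, org_domain):
    """Red flag 3: only the host decides where a link goes."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if in_domain(host, org_domain):
        return []
    flags = [f"link host is {host or '(none)'}, outside {org_domain}"]
    # Anywhere else the organisation's domain shows up is decoration.
    decoys = {"userinfo": parts.username or "", "host": host,
              "path": parts.path, "query": parts.query}
    for where, value in decoys.items():
        if org_domain in value.lower():
            flags.append(f"{org_domain} appears in the {where} as a decoy")
    return flags

def red_flags(from_header, url, org_domain="uh.edu"):
    return sender_flags(from_header, org_domain) + link_flags(url, org_domain)

# From header rebuilt from the forwarded message; local part is a placeholder.
SAMPLE_FROM = "UH.edu <sender@ohio.edu>"
# Link target exactly as quoted in the message (parsed only, never fetched).
SAMPLE_LINK = "http://komornikkatowice.eu/-/uh.eduwemail/email.uh.edu.htm"

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_FROM, SAMPLE_LINK):
        print("RED FLAG:", flag)
```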