[CCoE Notice] FW: Important message from UH Faculty/Staff

Luong, Kiet A KDLuong at Central.UH.EDU
Fri Jan 13 12:06:25 CST 2017


Good afternoon,

I’ve received several emails already asking if this is a legitimate email or not.  I normally respond by asking for everyone’s analysis of this email first, then I provide comments to make sure everyone knows how to identify these types of emails.  In this case, I’ve decided to provide my analysis since so many people are asking.


1. First, the “FROM:” address is a red flag.  Normally, when someone from UIT or IT Security sends an email, a person’s name and email address are shown.  Here, the person’s name is “University of Houston” and the email address is donotreply at central.uh.edu.  Just because the email address is @central.uh.edu (or @uh.edu), it doesn’t mean that the address is legitimate or the person actually sent it.  Email addresses can be spoofed (faked) to look like they came from a legitimate email address, so we know not to rely solely on the email address to determine legitimacy.



2. Second, the email body is very vague.  No description of what the “important message” is, and why we have to click on it to read.  The majority of official UH announcements include the contents of the message in the email so we don’t have to click on a website to read it.  Most UIT or IT Security emails have plenty of content and are not just brief one-liner emails.



3. Thirdly, you should never click on a web link from an email until you know exactly where that link will lead you.  To find out where that link goes, hover the cursor over the link to reveal the web address (without clicking on it).  In this case, the link takes you to nevesta.dn.ua/xxx/xxx/xxx.  Please remember that the important part of a web address is BEFORE the first “/”.  In this case, the main web address is a Ukraine website (nevesta.dn.ua).  The slashes “/” following the web address are just links from the main web address, which should NOT be factored into determining the website’s origin.  The slashes here try to trick you into thinking it’s a my.uh.edu link, when it’s not.



4. Lastly, there is no one’s name in the signature.  No legitimate email should just show the organization and not the person sending the email.

It’s important that all these parts of the email are considered together to determine legitimacy.  For example, the phishing email can contain three legitimate parts out of the four stated above, but that one remaining part that still raises a red flag should cause you to stop and reconsider before acting.  In cases like that, please call or email me and include your analysis of the email so we can talk about all the parts of the email that will determine legitimacy.  Remember, there is no rush to click on an email if even one part raises suspicion.  It’s better to report it rather than click it, when it comes to suspicious emails!

Thanks to all those who brought this email to my attention.  If you’ve happened to click on the link already, please call or email me immediately.

Sincerely,

Kiet Luong
Director of Engineering Computing
College Information Security Officer
Cullen College of Engineering
University of Houston
Email: KietL at uh.edu
Voice: 713.743.9974


---------- Forwarded message ----------
From: University of Houston <DoNotReply at central.uh.edu>
Date: Fri, Jan 13, 2017 at 10:45 AM
Subject: Important message from UH Faculty/Staff
To:

Dear Employee:

You have new important message from Faculty/Staff.

Click here<http://nevesta.dn.ua/classifieds/includes/system.my.uh.edu.html> to read

Thank You
Information Technology Services(ITS)
University of Houston
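
The check from item 3 of the analysis above, as an added example that is not part of the original email: it pulls each link out of a plain-text message body, takes the host (the part before the first "/"), and reports when a trusted name only appears after it. The trusted-domain list, the function names and the `text<url>` link pattern are assumptions made for this illustration; the sample line is the link from the forwarded message.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: only hosts under these domains count as the university's own.
TRUSTED_DOMAINS = ("uh.edu",)

# Plain-text archives render a link as: visible text<http://target>
LINK_RE = re.compile(r"([^\n<>]*)<(https?://[^\s<>]+)>")

# The link line from the forwarded message on this page.
SAMPLE = "Click here<http://nevesta.dn.ua/classifieds/includes/system.my.uh.edu.html> to read"


def host_of(url):
    """Return the lowercase host: what sits between the scheme and the first '/'."""
    # .hostname also drops any 'user@' prefix and ':port' suffix.
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted_host(host):
    """True only if host IS a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def trusted_name_after_host(url):
    """Trusted names found in the path or query, where they say nothing about origin."""
    parts = urlsplit(url)
    rest = (parts.path + "?" + parts.query).lower()
    return [d for d in TRUSTED_DOMAINS if d in rest]


def analyze(body):
    """Return one finding per link in the message body."""
    findings = []
    for text, url in LINK_RE.findall(body):
        host = host_of(url)
        trusted = is_trusted_host(host)
        findings.append({
            "text": text.strip(),
            "host": host,
            "trusted": trusted,
            # Only meaningful when the real host is NOT trusted.
            "lookalike": [] if trusted else trusted_name_after_host(url),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```
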



