The UCT Computer Security Incident Response Team (CSIRT) is aware of a phishing email doing the rounds, which directs users to a cloned UCT Single Sign-On (SSO) page. The email proports to come from various addresses and contain subject lines similar to these:
- Your myUCT email updates
- Your Microsoft office365 mail update
It then claims that ICTS will run scheduled maintenance from 18th to 26th June 2022, and that the email service will be unavailable in this period. The attackers then offer an alternative link to access your UCT email and other Microsoft 365 services in this period, leading to a fake SSO page as shown below:
If you enter your credentials into this cloned website, your credentials will be stolen and your account compromised. Do not enter your credentials on this website.
What should I do if I clicked the link and supplied my credentials?
If you received such a message, clicked the link and entered your UCT login details:
- Reset your UCT password immediately.
- Make sure you have anti-virus installed on your devices.
- Update your antivirus and scan your device.
- Contact the IT Helpdesk (firstname.lastname@example.org) should you need further assistance.
Remember these security tips
- Keep track of the latest phishing attempts on campus via the UCT Phish Bowl.
- NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
- Don’t ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
- If you receive a call, message, or email out of the blue from your bank or a service provider indicating that there is a problem with your account, thank the caller then hang up. Call the institution directly using the number listed on their website and verify if the call is legitimate or a scam. Never call back using details provided by the caller. You never know who will be on the other side. Some hackers run professional cybercrime companies, including helpdesk centres that sound very convincing.
- If you receive a call about an issue that you never logged and you’re asked to give the caller remote access, do not take any action. Rather hang up and report the issue to your service provider.
- Make sure you have anti-virus installed on your devices. At UCT, you have access to McAfee which you can install on your UCT-owned and personal computers.
- Keep your operating system, software, and anti-virus up to date at all times. The latest security updates contain patches and fixes to keep your devices and information secure.
- Please do not forward the message to your contacts. Report it to the IT Helpdesk (email@example.com), who will then conduct the necessary investigations.