Last modified by Denisa Wernerová on 18.08.2024 16:06

From version 1.25
edited by Denisa Wernerová
on 16.05.2016 10:15
Change comment: There is no comment for this version
To version 2.2
edited by Denisa Wernerová
on 29.03.2017 08:28
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -1,14 +1,10 @@
1 1  {{info}}
2 2  (% style="font-size: 18px;font-weight: bold;" %)The last logged fraudulent messages:(%%)
3 -* 13.05.2016 Bezpieczenstwa Alarm !!!
4 -* 04.05.2016 Your apple account was locked!
5 -* 04.05.2016 Warning Code: VX2G99AAJ
6 -* 02.05.2016 Your Email (petr.k@vsb.cz) Closure Administration Complaint.
7 -* 29.04.2016 Protřiďte si Vaši e-mailovou schránku na VŠB-TU Ostrava!
8 -{{/info}}
9 9  
10 -(% style="color: rgb(204, 0, 0);" %)Page is under construction
4 +* 28.03.2017 ICT služby!
11 11  
6 +{{/info}}
7 +
12 12  **Do not try to fight phishing on their own, because in many cases it can disrupt the already established and proven practices of our security team at the Technical University.**
13 13  
14 14  **If you read the message with many hours delay (more than about 12 hours), usually already we know about this incident and there is no need for us to report news!** Please forward fraudulent messages to abuse@vsb.cz immediately after delivery to your inbox. Thank you for your understanding.
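Review bot: New line 4 leaves "28.03.2017 ICT služby!" as the only entry in the info box, so a reader who finds one of the removed May 2016 messages in their inbox late can no longer match it against this list; consider keeping the most recent few subjects, or moving older ones to an archive list instead of deleting them. Dropping old line 6 is worth keeping either way, since that subject exposed a user's e-mail address. While this block is being edited, line 12 should read "on your own" rather than "on their own", and line 14 would be clearer as "we usually already know about the incident and there is no need to report it".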
... ... @@ -15,7 +15,7 @@
15 15  
16 16  Report to us only fraudulent messages. Security team at the Technical University **do not solve common spam messages**, such as supply of Viagra pills, advertising messages and messages with infected attachment.
17 17  
18 -===Content:===
14 +=== Content: ===
19 19  
20 20  * [[What is phishing>>||anchor="what-is-phishing"]]
21 21  * [[How to recognize a phishing>>||anchor="recognize-phishing"]]
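Review bot: Line 16, left as context here, tells readers not to report messages with an infected attachment but gives no instruction for what to do with them instead; add one sentence saying how such messages should be handled. In the same line, "Security team at the Technical University do not solve" should read "The security team at the Technical University does not handle". The heading spacing change on new line 14 is fine.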
... ... @@ -31,6 +31,7 @@
31 31  
32 32  {{id name="recognize-phishing"/}}
33 33  **How to recognize a phishing**
30 +
34 34  * With graphic design of the message attackers are trying to give the impression that the message was send by an organization whose clients are attacked.
35 35  * Text can look like information about non-payment, call for verification of the password validity or its change or as client satisfaction research with a service.
36 36  * In the message text is a link which should look that it is directed to the websites of the organization (bank) but on closer examination you find out that it is linked to somewhere else and there are fraudulent websites.
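Review bot: Line 34 still reads "the message was send by an organization"; since this list is being touched, correct it to "was sent". Line 36 would also be easier to act on if it said directly that the link text appears to point to the organization's website while the actual target is a fraudulent site. The blank line added after the bold heading matches the formatting applied to the later sections.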
... ... @@ -41,34 +41,43 @@
41 41  
42 42  {{id name="phishing-sense"/}}
43 43  **Read carefully and use common sense**
44 -* You win one million pounds!
41 +
42 +* //You win one million pounds!//
45 45  Did I bet?
46 -* Pay the bill!
44 +* //Pay the bill!//
47 47  Did I ordered something?
48 -* Your inbox is full!
46 +* //Your inbox is full!//
49 49  I greased e-mails last week. Could I really fill inbox so quickly?
50 -* Send us an additional personal information, otherwise we will ... !!!
48 +* //Send us an additional personal information, otherwise we will ... !!!//
51 51  I have no agreement with the organization and I did not want anything.
50 +* //Tell us your password, your administrator!//
51 +At CIT they are far more privileges than I am (an ordinary user).
52 +* **So this is not!**
53 +** Do not write your password on the bottom of the screen and for sure do not tell it anyone.
54 +** When someone imitate my signature, I will give it a criminal complaint, but the electronic signature that is just such a crazy farce IT guy. Something like a computer game.
52 52  
53 -
54 54  {{id name="how-to-help"/}}
55 55  **How you can help**
58 +
56 56  * Forward to us every suspicious message by email on [[abuse@vsb.cz>>path:mailto:abuse@vsb.cz]] and attach also the source code of the message (see guides for [[Outlook 2010>>uzivatel.2010-zdroj-kod]], [[Outlook 2007>>uzivatel.2007-zdroj-kod]], [[Thunderbird>>doc:uzivatel.thund-zdroj-kod]], [[Roundcube>>uzivatel.zdrojovy-kod]], [[Office 365>>uzivatel.office365-zdroj-kod]]).
57 57  
58 58  {{id name="protect-account"/}}
59 59  **What can you do to protect your account security**
63 +
60 60  * please, report us suspicious messages immediately on [[abuse@vsb.cz>>path:mailto:abuse@vsb.cz]] and leave the message in the mail until you are asked (for case that you won't sent all necessar information),
61 61  * never reply to suspicious messages,
62 62  * don't click on links in suspicious messages,
63 -* tell nobody and never your login.
67 +* tell nobody and never your login and password.
64 64  
65 65  {{id name="responded"/}}
66 66  **I responded to a suspicious message**
71 +
67 67  * change disclosed password immediately (see [[password change>>uzivatel.zm-hesla]]),
68 68  * don't be affraid and don't be shame we are happy and willing to help you. Please report us the situation and we also investigate if someone else has been also caught.
69 69  
70 70  {{id name="samples"/}}
71 71  **Samples of fraudulent messages**
77 +
72 72  * View message head detail in the email client and check addresses. From and Reply-to. Don´t tell your login and password by email.
73 73  
74 74  **Example No. 1**
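Review bot: New lines 50 to 54 are hard to follow and risk losing the one message that matters, that nobody ever needs a user's password. Line 51 reads "At CIT they are far more privileges than I am"; if the intended point is that CIT administrators already have more privileges than an ordinary user and therefore never have to ask for a password, state that directly. Line 52 ("So this is not!") does not say what is being ruled out, line 53 ("on the bottom of the screen") is unclear about where the password is being written, and line 54 about signatures should be rewritten or dropped because its meaning cannot be recovered from the text. New line 67 would read better as "never tell anyone your login or password", and line 73 uses an acute accent in "Don´t" where an apostrophe is needed.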