Skip Ribbon Commands Skip to main content
Help (new window)
University of Balamand > News > Archive > IT Office: Important Alert

IT Office: Important Alert

Phishing e-mails are a type of social engineering threats which are executed via e-mails and usually will lead to identity fraud, including revealing usernames and passwords (credentials) of e-mail accounts, credit cards, student information systems, e-learning platforms and many others.

Social engineering threats are the types of attacks that deceive users by making them reveal private information that they would not normally share (like email, SIS, Moodle passwords…) by building a relation of trust. This relation can be accomplished by numerous ways; the most common of them is through emails. The following are examples of social engineering attacks:
  • E-mails from a cracker to employees/faculty members/students requesting a password to increase e-mail storage quota.
  • E-mails from a cracker to employees/faculty members/students requesting a password because work has allegedly to be done over the weekend on the e-mail system.
  • E-mails from a cracker to an official claiming that an investigation is underway for the university and requesting a password for the investigation.
One of the just such a phishing e-mail that is being received lately is the following:

From: IT OFFICE [blackout@barstoolsports.com]
Sent: Wednesday, September 17, 2014 2:48 AM
Subject: Maintenance Alert.

Take note of this important update that our new web mail has been improved with a new messaging system from Owa/outlook which also include faster usage on email, shared calendar ,web documents and the new 2014 anti-spam version. Please use the link below to complete your update for our new Owa/outlook improved web mail.

CLICK HERE TO UPDATE.

Regards,
balamand.edu.lb Technical Services Group, ICT

The best defense against social engineering attacks is through awareness:
  • Never provide you user name and password to anyone
  • UOB staffers will never request your username and password by e-mail.
Phishing e-mails and messages can be identified by observing the following indices:
  • Usually phishing e-mails are general and not personalized
  • Phishing e-mails are usually intimidating to get people to react immediately to the request. For example they warn the user to access the link in the e-mail otherwise the e-mail account will be closed.
  • Phishing e-mails usually contain stimulating false statements to encourage people to access their web sites. For example they tell you that you have won money and you can get it by clicking on the following link.
You can respond to phishing e-mails and social engineering threads as follows:
  • Do not respond to requests to revel personal information and credentials via e-mails.
  • Do not click on links within a message that you think that might be a phishing e-mail.
  • Do not fill out forms in e-mails that ask for credentials and confidential information like a credit card number.
  • Do not use the URL links in the e-mail that you think that it is a phishing e-mail.
  • Do not open any attached file in the e-mail that you think that it is a phishing e-mail.
  • Do not fill in online forms in the e-mail body that you think might be a phishing e-mail.
  • ​Contact the system unit in the IT department on the following e-mail: su@balamand.edu.lb
facebook    LinkedIn    youTube    Social Media
University of Balamand,
Balamand Al Kurah,
Lebanon

Tel:  +961-6-930250
Fax: +961-6-930278