Center for IT Services - University of Moratuwa has identified many phishing incidents coming
to the UoM user accounts recently. If you have identified any malicious activity on your email account, please CHANGE YOUR LearnOrg PASSWORD and inform firstname.lastname@example.org for further assistance.
What is a phishing attack?
Phishing is a web based attack type that is commonly used to mislead the user by redirecting him or her towards another fake web interface which is similar to the original web interface. Theuser feels difficult to understand the difference between the fake and real web interfaces.
What is the aim of this attack?
The main aim of this attack is to force user to insert their confidential information into the fake web system. This can make easy for the hackers to collect all university users confidential information and hackers can misuse those information.
In what types of modes this attack can be introduced?
Typically this attack is initiated with an email instructing the users to change their password, to increase their email quota, to validate the account or any other important web account features related to the user’s secure transactions. The originating email address (“From:” address) can vary. Sometimes it can look like a University domain with a prefix (Eg: IT Helpdesk, Support Team, etc.).
Center for IT Services (CITeS) will never send individual emails related to these type of transactions.
Further, when it is necessary for a university user to change any settings of his or her web account, CITeS will inform systems & network administrator of the respectiveb Department/Division. He/She will assist you regarding further proceedings.
How can you quickly identify a message as a phishing attempt?
- Email address does not match university name.
- Hovering mouse over 'CLICK HERE' link does not match university name.
- Poor grammar.
- The site you visit after clicking the given link does not contain “mrt.ac.lk”, university logo, “University of Moratuwa” title
Does CITeS ask for your UOM Username and Password?
The CITeS never ask for your Username and Password via email.
What are the actions that can be taken by university users?
When University users come across this types of attacks related to their university web accounts,they should immediately inform the Center for IT Services (CITeS) using the following
Telephone Direct: 0112650650
General Notice for all University account users
- Never submit University credentials (username and password) online without identifying the SSL Secure green mark within the URL address on your browser. Also address should end with mrt.ac.lk or uom.lk .
- Never respond to any suspicious email messages.
- Never click on any suspicious links displayed in websites or emails you receive.
- If you accidentally follow any of the above please change your account password immediately using ( LearnOrg: lms.mrt.ac.lk ). Contact CITeS for further clarifications.
- Immediately forward all suspicious emails you received, to email@example.com .
NOTE: If any compromised account is found on University system, CITeS Systems Engineers will disable the account immediately without prior a notification!