Beware: Phishing scam now on Facebook

A sample of a Facebook phishing scam.

by Cathy McVey, information technology services

IT recently posted a myMiami announcement about phishing via a Facebook scam.

The announcement directed anyone receiving a suspicious message to forward it to InfoSec@MiamiOH.edu. Since that posting on July 1, more than 1,000 messages have been forwarded, helping identify over 150 compromised @MiamiOH.edu accounts.

According to Joe Bazeley, assistant vice president for security, compliance, and risk management, right now Miami is being attacked by two predominant strains of phishing.

  • A fairly standard phishing email requesting that the recipient click on a link or open a document. In this attack the address book of the “victim” is invaded and phishing messages are sent to everyone they communicate with – and those messages look like they are from the victim. Those messages often don’t contain much in the way of details, usually saying something like “click here to open an important document.”
  • The Facebook scam, where phishers compromise a Miami user’s Facebook account and then send a chat message to “Friends” asking for their password to access Miami’s WiFi. The bad guys will then use the password to access data from that person’s account.

Here are two important rules to remember:

1. Never click on links or attachments unless you are 100 percent sure you know they are legitimate. (Never assume; always contact the sender to be sure.  Since the phisher will often respond to messages from the compromised account, you may need to throw in a question or two like “Where did we go to lunch yesterday?”)

2. Never share your password.  If your friend is having problems connecting to MU-WIRELESS, they can always connect to MU-GUEST or contact the support desk.