What is vhishing?
Vhishing attacks are carried out over the phone
- Never give remote access to your computer to anyone who phones you
- Never connect to a website if advised by the caller this more than likely will be an attempt to download malware onto your computer or take remote control of it.
- Never give personal, bank or login information over the phone or input them on a website unless you can verify that the caller or website is genuine.
- If you do give access to your computer notify ITD as soon as possible also you will need to contact your service providers such as your bank, Credit Card Company and mobile phone provider and advise them that your details maybe compromised.
- Please note that ITD will never ask for login details by email.
What is phishing?
Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information with a third-party. Even though ITD has systems in place to help protect against this type of attack. There is no guarantee that all attacks will be detected and stopped.
Responding to a phishing email, and providing your UL username and password will not only disrupt your email access and personal security, but potentially has serious consequences for the University – such as blacklisting of our email servers causing email bounce backs affecting other users and can also cause reputational damage and data protection concerns. In addition, dealing with phishing attacks places significant demands on ITD, and resources which would be normally assigned to strategic projects have to be reassigned to deal with the impact of these incidents.
Sample phishing emails - staff
Sample phishing emails - students
How do I recognise phishing emails?
- Check for spelling mistakes
- Don’t trust the display name. Check the email address header – do not open the email if it looks suspicions
- Look but don’t click – Hover you mouse over any links and check if you recognise the link
- Be particularly suspicious of any email using threatening or urgent language
- ITD will never send you an email looking for your password or to verify your email account.
What should I do to help protect myself?
One of the best forms of defense against these types of attacks is user vigilance and awareness.
Here are some simple things you can do to help avoid a Phishing type attack:
- Do not share your Computer Account Password with anyone
- Be careful of emails requesting you to verify your login details. ITD will never ask you to do this over email
- Do not click on links or attachments from senders that you do not recognise
- Do not provide any sensitive personal information over email • Watch for email senders that use suspicious or misleading domain names
- If you are unsure an email is legitimate DO Not Open It! Contact ITD at the earliest opportunity
- Be wary of phone calls claiming to be from help desks especially if they request to go to a website
- Ensure your device is running an up to date anti-virus application and your operating system is fully patched.
- Do not register your UL address on numerous external sites, websites, forums or email distribution lists - except those for University related purposes
- If you suspect your account has been compromised contact ITD and change your account password immediately using UL’s Self-Service Password Reset Portal (Reset Password | University of Limerick (ul.ie)
What should I do if I receive a fraudulent email?
- Do not click any links
- Do not open any attachments
- Do not enter any personal details on the fraudulent email or website.
- Report the ’phishing’ email to the ITD
- Delete the email.
What should I do if I respond to a phishing email?
Report the issue to ITD, disconnect your devices from the network and reset your password using the following link: