Phishing Scam Spoofing ECCS

FAQ (Frequently Asked Questions)

Phishing Scam

Phishing scam is the act of stealing important personal information (such as user IDs or passwords, etc.) by sending spoofed emails or directing users to false websites via false emails.

It has been reported that ECCS users have been receiving phishing emails spoofing as the ECCS administrator. These emails are created with the intention of stealing user IDs, passwords, or other terminal information by getting them to enter their ECCS accounts and passwords on a false website or to open malicious files disguised as email attachments.

Some phishing emails are so cleverly created that you cannot easily determine the authenticity of emails. However, in many cases if you at least keep the following information in mind, you may be able to prevent becoming a victim of fraud.

Taking Actions on Regular Basis

• One of the phishing techniques is to send HTML emails. As a HTML email can make a real web address display a different website, please read emails in the text format instead of the HTML format. It is possible for most Mailers to be set up to show emails in the text format and not translate them into HTML format.

• When you send/receive documents by emails, using a file sharing service is a more secure method than attaching them to emails.
• If you are an ECCS user, WebDAV is available. This service will not only send files, but it can also be used to receive files.
• If you do not have an ECCS account, use other file sharing services, etc. and not file attachments to reduce the possibility of contacting malicious files through sending/receiving files using a system with authentication.

• It is possible to set up Multi-Factor Authentication login in MailSuite. This means that even if your password is stolen by the third person, logging in with Multi-Factor Authentication can reduce the risk of them logged in because you are required to type in an one-time password along with the regular password at login. We recommend and encourage users to use this system.
• Please refer to the announcements" [ECCS Staff Email l]Multi-Factor Authentication", "How to use Multi-Factor Authentication (for Mailhosting users)" (available only in Japanese) or "the users' Manual for Multi-Factor Authentication" (available only in Japanese) for more details.
• However, please note that using this function does not provide 100% protection. We ask you to use this function along with other general security measures such as updating passwords on regular basis, not setting up easy-to-guess passwords or not reusing the same passwords.

• The function of "Country Authentication Restriction" is available in MailSuite, allowing you to restrict access from countries where there are not supposed to be any access, and reduce the possibility of illegal login (default setting restricts access from all countries other than Japan).
Further details are provided in the following announcement.
• "New Function of Country Authentication Restriction for the New MailSuite"

What You Should Do When You Think Things May Be Fishy

• Under no circumstances will we ask you to enter your password on any websites or emails for confirmation, except to login for each ECCS service. E-mails with these kind of request must be phishing emails, so DO NOT click on the website or reply with any information to the sender.

• When we need to send files through ECCS, we will usually use the WebDAV service and not attaching files to emails. We request your cooperation in this matter.

What You Should Do When You Think You Did It

• In case you think things might be fishy having accessed some websites or replied to the sender, please take the following actions (some actions will differ depending on whether you are using ECCS email account or Mailhosting account).
• Change your password immediately regardless of whether emails and websites are legitimate or not. If it is a legitimate email, there will be no effect to the ECCS system by changing the password. Please take actions before it is too late.

• If you use the ECCS Staff Email or ECCS Cloud Email, report immediately to ECCS Support that you may have fallen for a phishing scam and that you have already changed your password or have taken other actions.
We will check settings, etc. depending on the situation.
• If you are a Mailhosting user, first contact the domain administrator as soon as possible. Necessary action will be taken depending on the situation.

• Contact the person in charge of security of your department/faculty (CERT, etc.) at the same time as contacting us.

• UTokyo-CERT or ECCS may ask you to take some actions from depending on the situation or contents through the person in charge of security of your department/faculty. Follow their instructions in case you are asked.

What You Should Do When You Think You Have Fallen for Phishing on Systems Other than ECCS

• In case (you think that) you have fallen for a phishing scam on another system that has nothing to do with ECCS, change the passwords on that system if you have used the same account name and/or passwords for the ECCS services.

Sample Cases

Sample cases of wide-spread phishing scams that have targeted ECCS are in the ECCS announcements on this website. You will find them by searching "Phishing" in the search window on the upper right of the announcements.

Furthermore, UTokyo-CERT discloses other examples of targeted attack emails. For a list of notifications on campus regarding Targeted Attack Email can be found on the website (available only on campus - currently available only in Japanese)