Short answer: No idea! And yes that is my name.
We have received a couple of reports of phishing attempts using look-alike names – in this example (which isn’t real), the email address firstname.lastname@example.org was used in an email purporting to be the individual who is usually found at email@example.com. As port.ac.uk email addresses are slightly harder to forge than they used to be, attackers are looking to use look-alike email addresses.
Either domains that look similar (the bit after the “@” such as port.ac or port.co), or names that are familiar – as in the example shown.
To defend against this, we need to :-
- Avoid using personal email accounts for UoP business emails.
- Check and double-check the email address in the “From” field – whilst these can be forged, it is somewhat harder to forge @port.ac.uk addresses than it used to be.
- Is the domain part (after the “@”) port.ac.uk or does it merely look similar?
- If it looks like a personal name from a common personal mail site – firstname.lastname@example.org – is it one you are familiar with? Do you know that the individual uses that address as their personal email?
- And of course the standard anti-phishing defences – does it encourage urgency? Suspicious. Does it link to a strange web site? Suspicious. Etc.
- If in doubt, ask. Ask a colleague or ring the sender to check.