Who Is mikemeredith@hotmail.com?

Short answer: No idea! And yes that is my name.

We have received a couple of reports of phishing attempts using look-alike names – in this example (which isn’t real), the email address mikemeredith@hotmail.com was used in an email purporting to be the individual who is usually found at mike.meredith@port.ac.uk. As port.ac.uk email addresses are slightly harder to forge than they used to be, attackers are looking to use look-alike email addresses.

Either domains that look similar (the bit after the “@” such as port.ac or port.co), or names that are familiar – as in the example shown.

To defend against this, we need to :-

  1. Avoid using personal email accounts for UoP business emails.
  2. Check and double-check the email address in the “From” field – whilst these can be forged, it is somewhat harder to forge @port.ac.uk addresses than it used to be.
    1. Is the domain part (after the “@”) port.ac.uk or does it merely look similar?
    2. If it looks like a personal name from a common personal mail site – mikemeredith@hotmail.com – is it one you are familiar with? Do you know that the individual uses that address as their personal email?
  3. And of course the standard anti-phishing defences – does it encourage urgency? Suspicious. Does it link to a strange web site? Suspicious. Etc.
  4. If in doubt, ask. Ask a colleague or ring the sender to check.
This entry was posted in Active Attacks, Email and tagged , , . Bookmark the permalink.