How to recognize the University of Oxford Web Login Pages

Phishing emails are one of the most common attempt to steal user’s personal or sensitive information. Cyber criminals commonly target University users with phishing emails. They usually include a link that redirects users to a fake web login page that appears at first glance to be one of the University web login pages.

Fake web login pages are under the control of criminals. Once users have been tricked into entering their University username and password in a fake web login form, cyber criminals can use their accounts to access their personal information and commit other frauds, such as sending phishing emails on behalf of the user’s account compromised.

When you came across a website that asks for your University Webauth or Nexus credentials, before entering your password, make sure you are accessing to the authentic University web page.  The following tips can help you to verify the authenticity of the University Webauth and Nexus login pages:

Tip 1:  Recognize the network domain of the University web login pages:

  • The University Webauth login page begins with  https://webauth.ox.ac.uk/. An example of the Webauth login page is shown below:

Picture2.1

  • The University Nexus login page begins with https://owa.nexus.ox.ac.uk/. The screenshot below shows what the Nexus login page should look like:

Picture2.2

Note that when you look at the address bar in your browser, the domain is the part from the double slash “//” to the first slash “/” .

Tip 2: Identify that the University login pages have a padlock icon in the address bar of your web browser, as can be seen below (Google Chrome web browser was used in this example):

Picture5

Tip 3: Verify the website SSL certificates as they contain unique features.  The following three steps will explain how to verify SSL certificates:

Note: Google Chrome web browser has been used in this example (for different web browsers steps may vary):

  •  Step 1: Click the green padlock icon and select “Details”.

Picture1

  •  Step 2: The Security Overview section will be displayed in your browser, then select “View certificate”.

Picture2

  • Step 3: The “Security Overview” section displays the following unique items that are characteristic from the Webauth and Nexus web login pages:

For the Webauth web login page:

  • Certificate name: webauth.ox.ac.uk
  • Issued by: QuoVadis Global SSL ICA G2
  • Look for the green tick, “This certificate is valid”

Picture3

For the Nexus web login page:

  • Certificate name: owa.nexus.ox.ac.uk
  • Issued by: TERENA SSL CA 2
  • Look for the green tick, “This certificate is valid”

Picture4

Do not enter your University credentials until you have verified the authenticity of the login page.  If you find a fake login page that asks for your University credentials or you are unsure if it is legitimate, forward it to phishing@it.ox.ac.uk. The security team will block fake web login pages to protect University users.

 

 

Posted in Email | Comments Off on How to recognize the University of Oxford Web Login Pages

Comments are closed.