#Covid19 cybersecurity alert: email phishing in Uganda

An email dated 30th April 2020, purportedly coming from the National Council for Higher Education (NCHE), is fake. It should be deleted instantly from

An email dated 30th April 2020, purportedly coming from the National Council for Higher Education (NCHE), is fake. It should be deleted instantly from your computer. Select the email, right-click, and press Shift+Delete.

Upon receipt of the email, I noticed that it comes from, one Dr. Susan Nabadda Ndidde <sarutexco.ltd@yahoo.com>. For this email, I have confirmed with some staff at the NCHE, who have confirmed that there is no Dr. Susan Nabadda Ndidde. Even if Dr. Susan was a staffer at the National Council for Higher Education, she would use her official email to communicate a request signed with her office address. Be extra careful.

The official emails used by all staff at the National Council for Higher Education, have, [staffname]@unche.or.ug. Note that official emails end with name@unche.or.ug. Only staff of the NCHE can have an email with such an extension. Any other email, purportedly from NCHE without the extension should be treated with the contempt it deserves, and at best deleted.

When you place your cursor just on top of the link within the email, it displays the URL, <https[:]//msoft2[dot]webnode[dot]com>, I have deliberately used [dot] to disable an active URL which you could click on by mistake.

Using our cybersec labs, we tried to check the attack vector in the email. When you click on the link, it brings a page with a Microsoft Logo, and fields to complete. This is a typical phishing attack, which collects personal data from you. Once your data, specifically your email address, password, zip code, telephone number, which are indicated in the fields, is harvested, the attacker could monetize this using many options like selling the data, sending spam emails, or trying to use your email to log into your Microsoft Office applications.

Screenshot 1: phishing form…

The threat level of this email is three (3) on a scale of 1 to 10, with 10 being very severe and one being low severity. It is three because it is believable, and one could easily click thereby disclosing confidential data which could lead to further breaches and or inconveniences. This is an urgent notification to help you.

Next steps

During this #covid19 period and after,

  1. Do not click on emails from people you do not usually communicate with
  2. Always check the email to confirm the accuracy of the domain where it purports to come from. Someone purporting to be communicating from says MTN Uganda should have their email address at name@mtn.co.ug, any other email could be a fraudster. Stay warned. The best way is to search the name of the company in Google, to see the correct domain.
  3. Avoid clicking on URLs or links within emails. The best thing is to search for the name of the company and visit the official website. If the request is genuine, you will likely find the promotion on their official site. Plus, you can use the available contact points on the official website to confirm your concerns.
  4. Many cybercriminals are taking advantage of #covid19 lockdown, be extra careful with emails and all messages you receive via social networks and email.
  5. Phishing, which is part of social engineering, is the common attack vector accounting for over 55% of all security breaches! Be extra careful with emails and social media friendship requests and messages.

In case of a problem, contact your Head of IT security. If you are unable, contact our team at Summit Consulting Ltd. We help you to be secure online.

Copyright Mustapha B Mugisa, 2020. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related