If you have replied to an e-mail that you suspect is a scam, and you sent your SU username and password in the reply, change your password immediately. You can do this yourself at http://www.southwestern.edu/password/. Alternatively, you can call the SU Help Desk (x7333, hours 8AM-5PM M-F) or come by ITS with your SU ID.
Be cautious when you receive an e-mail asking you to reply with any type of personal information, including (but not limited to) a username or password. While the e-mail may look legitimate at first glance, take the time to inspect it more closely. You may find numerous misspelled words, awkward language, references to services that do not exist, or other little things that seem out of the ordinary.
You should always question the provenance and authenticity of such e-mails. Please note, however, that simply receiving a scam e-mail is not typically enough to compromise personal information. If you are unsure if an e-mail is legitimate, call the SU Help Desk or come by ITS with any questions.
Notice below some interesting features (in bold) of a phishing e-mail that was sent to the SU community recently. The subject itself is cryptic, the reply-to address is not even an SU e-mail address, and the recipient list has been blocked. Be wary of language that warns of closing your account or deleting your personal information without a reply. Notice also that there is no “Southwestern messaging center,” and that the phrase “Thank you for using Southwestern!” makes no sense.
Date: Mon, 31 Mar 2008 15:22:14 +0200 (CEST)
Subject: E-MAIL UNDER MAINTAINANCE
From: helpdesk@southwestern.edu
Reply-To: serviceupgrade@hotmail.co.uk
To: undisclosed-recipients: ;
Dear E-mail Owner,
To prevent your account from closing you will have to update it below so
that we will know that it’s a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
E-mail Username : ……… …..
E-mail Password : ……………
This message is from Southwestern messaging center
Thank you for using Southwestern!
Warning Code:VX2G99AAJ
Thanks,
Southwestern Team
https://webmail.southwestern.edu/imp/login.php
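The checks described above (a Reply-To address outside the sender's domain, a hidden recipient list, a request for credentials, a threat of account closure) can also be run automatically. The following is an added example, not part of the original advisory; the function names, indicator labels and phrase patterns are assumptions made for illustration, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Headers and body copied from the sample message on this page (form fields shortened).
SAMPLE = """\
Date: Mon, 31 Mar 2008 15:22:14 +0200 (CEST)
Subject: E-MAIL UNDER MAINTAINANCE
From: helpdesk@southwestern.edu
Reply-To: serviceupgrade@hotmail.co.uk
To: undisclosed-recipients: ;

Dear E-mail Owner,
To prevent your account from closing you will have to update it below so
that we will know that it's a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
E-mail Username : ...
E-mail Password : ...
"""

# Assumed patterns for this example; adjust them to the wording seen in your own mail.
CREDENTIAL_ASK = re.compile(r"\b(password|username)\s*:", re.I)
THREAT = re.compile(r"account\s+from\s+closing|clos\w+\s+your\s+account|delet\w+\s+your", re.I)

def domain(addr):
    """Return the lower-cased domain of an address header value, or ''."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    msg = message_from_string(raw)
    found = []
    # Replies would go to a different domain than the one shown in From.
    from_dom, reply_dom = domain(msg.get("From", "")), domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-domain-mismatch")
    # "undisclosed-recipients: ;" is an empty group, so no real address is listed.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    if not any(addr for _, addr in getaddresses(headers)):
        found.append("hidden-recipients")
    # Body checks apply to non-multipart messages only.
    body = "" if msg.is_multipart() else msg.get_payload()
    if CREDENTIAL_ASK.search(body):
        found.append("asks-for-credentials")
    if THREAT.search(body):
        found.append("threatens-account-closure")
    return found
```

A match is a reason to inspect the message more closely, not proof of fraud; note that the From header in the sample shows an SU address, so the sender line alone says nothing about where the message came from.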
Recently, other universities have been the target of a similar e-mail scam. You can read about them here:
Illinois State University: http://www.helpdesk.ilstu.edu/kb/index.phtml?kbid=1364
Purdue: http://www.purdue.edu/securepurdue/news/
Queen’s University: http://www.queensu.ca/security/alerts.html
University of Victoria: https://helpdesk.uvic.ca/bulletins/phishing_scam.html
Take a minute to educate yourself about online scams:
Anti-Phishing Working Group
“The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.”
http://www.antiphishing.org/
Microsoft, “Recognizing Phishing Scams and Fraudulent/Hoax E-mails - Microsoft Security”
Microsoft has outlined some common features of fraudulent e-mails, including misspellings, incorrect grammar, using legitimate-looking graphics, and URL spoofing.
http://www.microsoft.com/protect/yourself/phishing/identify.mspx
OnGuard Online
A website maintained by U.S. federal agencies (FTC, Homeland Security, SEC, etc.) that provides information about electronic identity theft, phishing scams, and malware so that you can learn how to protect yourself from these threats.
http://www.onguardonline.gov/