Phishing Attempt -- Email Update Alert !!!!
Reported on: July 31, 2009
Description: A phishing attempt has been reported supposedly from Email Management.
Action: Please do NOT reply to the email. To prevent compromises:
- NEVER send your password or other confidential personal information in response to email. No responsible entity requests information this way.
- DO NOT REPLY to suspect mail. It just demonstrates that you're a live target.
- Make sure you're up-to-date with all operating system updates.
- Make sure you're up-to-date in any anti-virus and anti-spyware updates.
- Don't save passwords to your email account on your system .
Sample Message:
From: "Email Management" <administrator@help.net> Date: July 31, 2009 8:03:22 AM HST Subject: Email Update Alert !!!! Reply-To: web.account1@live.com Return-Path: <administrator@help.net> Envelope-To: mario@hcc.hawaii.edu Delivery-Date: Fri, 31 Jul 2009 09:27:05 -1000 Dear webmail User, This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received. Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator. To help us re-set your SPACE on our database prior to maintain your INBOX, you must contact your system administrator by replying this e-mail and enter your: Email Username : .......... ..... EMAIL Password : ................ Date of Birth : ................. Alternative Email : .......... to increase your storage limit. You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit or between 18 and 20 MB. Thank you for your cooperation. System Administrator This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.
Background Information: There has been a recent rash of phishing scams targeted at UH/HCC email account holders. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from financial institutions, educational institutions or IT Administrators are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging.