Thursday, April 2, 2009

Don't Fall for it

We've been getting some cases of people's e-mail accounts being compromised and used for sending spam. This was generally because the user gave out his password.  Most commonly, people are tricked into it by an e-mail requesting the password.  Here is one example:

From: <Address removed>

Sent: Wednesday, April 01, 2009 7:03 PM





This mail is to inform all our {EDU WEBMAIL} users that we will be upgrading our site in a couple of days from now. So you as a Subscriber of our site you are required to send us your Email account details so as to enable us know if you are still making use of your mail box.


Further informed that we will be deleting all mail account that is not functioning so as to create more space for new user. so you are to send us your mail account details which are as follows:


*User name:



Failure to do this will immediately render your email address deactivated from our database.


Your response should be send to the following e-mail address.


Your Admin Manager: <email address removed>


Yours In Service.





There are several things about this that should raise alarms.

  • First of all, no I&TS department will ever ask for your password. There is absolutely no need for it. In the case above, if we were upgrading our site, we'd would use your same user settings.  If, for some reason, we couldn't use your current username and password, we would create new accounts and let you know what the new information is. We would never have to ask for your password.
  • Note the phrase:  "we will be deleting all mail account that is not functioning." IT departments know the English language well enough to handle basic subject/verb agreement.
  • Though I hid it, the e-mail address for the Admin Manager was not a address (it was from the .info domain, which is not all that reputable in any case).  Even if we for some reason needed this information (as I mentioned, we don't), we would ask you to send the e-mail to a e-mail address.  This is a given.
  • At a college, it's pretty easy to know what student accounts are active and which aren't.  There is no reason at all to delete an account before you graduate. 
  • If space is needed, and we can't add memory, the solution would be to set quotas, not delete accounts.
  • "FROM THE EDU EMAIL SUPPORT TEAM."  Maybe it's just me, but I'm always suspicious about anything that comes from a "team."  Scammers always seem to use it.  While it can be legitimate, it's at least a warning flag.

There are many other signs of that an e-mail is fake; if you have an example, add a comment.  But the first rule is always the best: never give out personal information when replying to an e-mail.  If you have any doubts, contact the "sender" by another means -- by phone (finding the number in the phone book, not in the e-mail) or by visiting their web page (by typing the address into the address bar, not clicking on a link).

Here's a good overview of how to remain safe from phishing e-mails like this.