Monday, July 21, 2008

Spam warning

I think this is our first campus specific spam. The Office of Information Technology send the following warning this morning:

To All Faculty and Staff,

Several people have reported the receipt of an email with the subject “FINAL NOTIFICATION!!!” that appears to come from the “SOUTHERNCT WEBMAIL SUPPORT TEAM []”. The message itself is as follows:

Dear SOUTHERNCT Webmail Subscriber

This mail is to inform all our {SOUTHERNCT} webmail users that we will be maintaining and upgrading our website in a couple of days from now.As a Subscriber you are required to send us your Email account details to enable us know if you are still making use of your mailbox. Be informed that we will be deleting all mail account that is not functioning to enable us create more space for new subscribers, You are to send your mail account details which are as follows:

*User Name:


Failure to do this will immediately render your email address deactivated from our database.

Thank you for using SOUTHERNCT


Please be advised that this email is spam. It is a phishing scheme designed to get your username and password. Do not reply to this. Simply delete it.

Unfortunately, the timing of our Microsoft Exchange implementation makes this message more confusing and believable. However, please be advised that the OIT staff will never send an email out asking you for your username and password. Also, another clue that this is not legitimate is that OIT will not send emails out with all upper case letters in the “Subject” header.

We will be investigating this email and will try to include it in our spam gateway rules.

Thank you for your continued vigilance in privacy, security, and malware issues.

The OIT Staff
You should never respond to any email requesting your account password. Real IT folks have access to our accounts--they don't need our passwords. The only situation I can think of where an IT help staffer has ever asked me for a password was at the end of a long, multi-email and phone exchange trying to figure out why what I saw looked different than what she saw. No service or site worth anything would send a request like this with no previous contact.

Another clue about this, by the way, is the curly brackets around the SOUTHERNCT in the first sentence. Spammers exchange "form letter" type texts, usually copied from legitimate sources, with the information that needs replacing marked in some sort of bracket. I actually got one where the spammer didn't replace anything, so it was addressed, "Dear {eBay username}". The hint about the capitalization in the subject is excellent. It's true, very few legitimate business-type emails come through with all caps subject lines.

Be smart and stay safe--if you get a suspicious email like this, go to the site that it's supposed to be from (NOT via any link in the email--use a search engine if you don't know the URL), find the help or contact information, and write or call directly to the institution/company.

And, of course, if you did get this and did respond, contact the helpdesk (which is, not supportteam) IMMEDIATELY!

Labels: , , , , ,


Blogger Sharon said...

When I was working in the corporate world, the big boss's secretary sent out an urgent email to the entire staff with a subject line all in CAPS. I pointed out to her, as politely as I could, that this might be construed as spam by some email clients (and humans). She got very huffy and pointed out "But it was from ME!" Clueless.

12:08 PM, July 21, 2008  

Post a Comment

<< Home