Below are examples of Phishing attempts directed at
SSU users
|
From:
Helpdesk [mailto:kjburkoski@xplornet.com]
Sent: Sat 11/1/2008 5:18 AM
To: undisclosed-recipients
Subject: Update Your Shawnee State University Email
Account
Dear Shawnee State University Email
Account Owner,
Shawnee State University will be
conducting a scheduled routine maintenance To improve our
services, please be informed that we are going to upgrade
our system in a couple of days from now, that may affect
email delivery notifications on our transaction network. We
would need the following information to enable us preserve
your account.
CONFIRM YOUR EMAIL IDENTITY BELOW
=================================
FULL NAME:
USER EMAIL:
USER PASSWORD:
COUNTRY:
PHONE NUMBER:
You are to forward the following
informations to our helpdesk center. We apologize for the
inconvenience this may cause you. We assure you more quality
service at the end of this maintenance.
We understand that, you need to be
certain, your personal information will be secure we take
safeguarding your personal information very seriously.
Warning!!! Account owner that refuses to
update his or her account within Four days of receiving this
warning will lose his or her account permanently.
Yours sincerely,
Shawnee State University Support.
Thank you for using Shawnee.edu
Notification Code: WWP2H77JJAJ.
|
|
From: lstana@cogeco.ca; on behalf of;
WEB ADMINSTRATOR [updateaccountshawnee.edu208@gmail.com] Sent:
Friday, October 31, 2008 2:40 PM
Subject:
Quoting Shawnee.edu, MemberServices@Shawnee.edu
Dear Shawnee.edu
email account user,
We are currently
verifying our subscribers email accounts in other to
increase the efficiency of our webmail futures.
During this course
you are required to provide the verification desk with the
following details so that your account could be verified.
Email
Username:....................
Password:..............
Location
:...................
Date of
Birth:..............
Kindly send these
details so as to avoid the cancellation of your email
account.
Thanks Shawnee.edu
Team.
Fax Number: + 44 870
471 7112 |
|
From: Webmail
Support Team [mailto:emailteam@mail2webmaster.com]
Sent:
Wednesday, September 10, 2008 5:06 AM
To: emailteams@mail2webmaster.com
Subject:
CONFIRM YOUR WEBMAIL ACCOUNT
Importance:
Low
Dear Account User,
This message is
from webmail messaging center to all webmail account
owners. We are currently upgrading our data base and e-mail
account center. We are deleting all unused webmail account
to create more space for new accounts.
We are currently
performing maintenance for our Digital Webmail Customers. We
intend upgrading our Digital Webmail Security Server for
better online services.
CONFIRM YOUR WEBMAIL
ACCOUNT
User Name:
Password:
Date of Birth:
Warning!!! Any
account owner that refuses to update his or her account
within Three days of this update notification will loose his
or her account permanently.
Thank you for using
our webmail!
Webmail Support Team
Warning Code
:ID67565434 |
|
From:
Webmail Account Management [mailto:helpdesk@itservice.com]
Sent: Tue 9/9/2008 9:26 PM
Subject: Account Expires in 4 Day(s)
Dear Account user
This message is from the Webmail IT Service messaging center
to all
subscribers/webmail users. We are currently upgrading our
data base and
e-mail center due to an unusual activities identified in our
email system.
We are deleting all unused Webmail Accounts. You are
required to verify
your webmail account by confirming your Webmail identity.
This will prevent your Webmail account from been closed
during this exercise.
In order to confirm you Web-Mail identity, you are to
provide the
following data;
First Name:
Last Name:
Username/ID:
Password:
Date of Birth:
*Important*
Please provide all these information completely and
correctly otherwise
due to security reasons we may have to close your account
temporarily.
We thank you for your prompt attention to this matter.
Please understand
that this is a security measure intended to help protect you
and your
Webmail Account. We apologise for any inconvenience.
Regards,
Webmail IT Service |
|
From:
"SHAWNEE.EDU WEBMAIL
TEAM" <serge.baillargeon@3web.net>
Date: July 16,
2008 2:25:24 PM EDT
Subject: UPGRADE YOUR
SHAWNEE.EDU EMAIL ACCOUNT NOW!!
Reply-To:
upgradeyouraccount.upgrade76@gmail.com
Dear SHAWNEE.EDU Email
Account Owner,
This message is from SHAWNEE.EDU messaging center to all
SHAWNEE.EDU email
account owners. We are currently upgrading our data base and
e-mail account
center. We are deleting all unused email
accounts to create space for new accounts. To prevent your
account from being
deactivated, you will have to
upgrade it.
UPGRADE YOUR EMAIL ACCOUNT
Email Username : ...............
Email Password :
..............
Date of Birth : ..................
Country or Territory : .........
Warning!!! Account owners that refuses to update their
accounts within seven(7)
days of receiving this email will lose their accounts
permanently.
Thank you for using SHAWNEE.EDU !
Warning Code: USV64MT1
Thanks,
SHAWNEE.EDU WEBMAIL TEAM |
IRS Email Scams –
Beware! It is not just tax season
As tax season
approaches, we take this time to inform you about various IRS email scams
and hoaxes that pop up during this time of year. IRS email scams can be
found at all times of the year, they just seem to be more frequent during
tax season.
The first thing to keep in
mind is that the IRS will never initiate contact with an email.
If you come across any of these IRS email scams
forward the email to
phishing@irs.gov.
Often the emails play on
consumers’ emotions, typically fear. One form of the email scams uses the
IRS logo and threatens to “e-audit” you. The email scams state to send them
personal information (social security number, birth date, etc) or otherwise
an “IRS” e-audit will need to be performed.
Another type of
IRS email scam uses the promise of an
unclaimed refund as the bait. The email
states that after reviewing IRS records, that you are eligible for an $X
amount of money. In order to claim the money you will need to fill out a tax
refund request. The scam email includes a link to a fake tax refund request
that collects your personal information. You can see a
sample here.
Another fake IRS email
states that your account has been blocked because of multiple fraudulent
attempts to access your account. To ensure security of your IRS account,
they have shut it down and in order to reopen your account you will need to
fill out a form. The form is of course fake and is on an email scammers own
Web site. The form asks for personal information, which the con artist then
uses to steal your identity.
These are just
examples of email scams that use the IRS name to trick you. There are
multiple versions of these scams. Remember
the IRS will NEVER initiate contact with you via email.
If you come across any of these IRS email scams forward the email to
phishing@irs.gov.
For more information on IRS email scams see:
http://www.irs.gov/individuals/article/0,,id=155344,00.html
|
General Security Information
Shawnee State University will NEVER ask you for your password,
Social Security Number, or other Personal Information by email.
If you received any of the e-mails below or other similar e-mails
and supplied your password, please take the following measures immediately:
Reset your SSU account password IMMEDIATELY with
a
strong password.
To reset your password visit
this page and in the
center of the page, under the heading "Changing your password" , select the link
https://user-help.shawnee.edu/accmgr/change.htr and then follow the
instructions to change your password.
Recommendation for a Strong Password
|
a. |
Set your passwords with at least eight characters composed of random
letters, digits and symbols |
|
|
|
|
b. |
Never use dictionary words and personal related information such as
name, date, telephone number, CARS ID, etc. |
2. Preventive Measures
These phishing e-mails and websites are designed to look like the
real ones. Fraudulent bank websites for example, are hosted to lure you to give
your account information. The most common way is through e-mail and pop up
instant messages, where "banks" or "distant relatives" ask for the user's
personal information and password.
Here are some guidelines to avoid falling victim to phishing scams:
Always
Remember that legitimate companies will never ask their clients to
send over sensitive information online. If you are unsure, you can phone the
company to verify if they have sent such an e-mail.
-
Type the actual URL address (if they are safe to visit) yourself instead of
clicking onto the link inside the e-mail. Sometimes, the scammers may send
you a URL that looks proper but secretly links you to a fake website.
-
Lock your computers and mobile phones in case they fall into bad hands
-
Change your passwords regularly
Never
-
Open any e-mails or follow any URL links from non-verified sources or
e-mails.
-
Open attachments from unknown e-mails, as they may contain computer Trojans
(a type of malware) that records your keystrokes when you enter your
passwords and spies on your computer data without your knowing.
-
Have sensitive information such as ID-card number, credit card details,
drivers licenses, or passwords saved in your computer. This makes you
particularly vulnerable to Phishing
|