A new phishing scam is targeting various communities,
including UVM, in an attempt to convince people to divulge their
Network IDs and passwords. Please ignore these requests.
Late last week, some UVM community members received email
messages from "Customer Services <customerserv.info@gmail.com>,"
with the subject "Message from
webmail.uvm.edu Database Centre" (full
text
below). It tells the recipient to reply with his or her
"Directory ID & PASSWORD". This
solicitation, and others like it, are
phishing scams.
Do not reply, and do not click any links in the email.
If you have already replied to
this message, or one like it, please
change your UVM Network ID password immediately, using the secure online form
at www.uvm.edu/account/, or hackers, identity theives, spammers,
and criminals will have complete access to your
confidential UVM information. Please call the Help Line at 656-2604 if
you need assistance.
How would I know this message is a phishing scam?
Although the message says it comes from UVM, the "from" address is not
at UVM (it's a gmail.com address). One should never send
passwords via email, even to technology personnel at UVM -- and
certainly never to an external email address. Also, you would be
able to
tell by viewing the full email headers that it is not from UVM.
In addition, there is no contact
information, should you have questions or should you want to verify the
legitimacy of the message.
Its real purpose is to steal your password so that your UVM account can
be used for malicious or illegal purposes. UVM's
Computer and
Network Use Policy makes us of us responsible for all use of our
accounts, and prohibits us from giving unauthorized parties our
passwords.
University of Vermont officials should never
request your password, and you should never provide your password to
someone who asks for it.
What is a Phishing Scam?
The Anti-Phishing Working Group (APWG) explains that phishing "attacks
use both social engineering and technical subterfuge to steal
consumers' personal identity data and financial account credentials."
APWG offers useful tips to help you avoid becoming a victim of phishing
or pharming:
- Be suspicious of any email with urgent requests for
personal financial information
- Don't use the links in an email to get to any web page, if
you suspect the message might not be authentic
- Avoid filling out forms in email messages that ask for
personal financial information
- Always ensure that you're using a secure website when
submitting credit card or other sensitive information via your
Web browser
- Consider installing a Web browser tool bar to help protect
you from known phishing fraud websites
- Regularly log into your online accounts
- Regularly check your bank, credit and debit card satements
to ensure that all transactions are legitimate
- Ensure that your browser is up to date and security patches
applied
- Always report "phishing" or "spoofed" e-mails
Visit the following resources to learn more about phishing and pharming
prevention, scam advisories, and to report yourself as a victim
of phishing or pharming:
What Does the Latest Phishing Scam Say?
Phishing scams are successful when they sound authentic, and are often
customized to appear as though they come from a trusted source.
They often include a mix of real and bogus email addresses and web
links (URLs). Phishing scams often appear to come from UVM,
although of course they do not.
Message from webmail.uvm.edu Database Centre
Subject: Message from webmail.uvm.edu Database
Centre
Date: Fri, 23 Oct 2009 23:00:51 +0100
From: Customer Services
<customerserv.info@gmail.com>
This Message is from the webmail.uvm.edu Database Centre.We are
currently upgrading our web/data base and carrying out maintenances of
all our Unm E-mail
accounts.To prevent your account from being closed unnecessarily.
You are required to send us your **Directory ID & PASSWORD ***
Webmaster Online Department
webmail.uvm.edu The Best Database Centre
|
