Security Bulletin of August 14, 2008
COMPUTING ALERT: Beware of Email Scam/Phishing Attempts
OVERVIEW
Several Haverford email users recently received an email message with the subject line "Scheduled Network Maintenance/Service Upgrade" requesting their user name and password. DO NOT RESPOND!
This is a spam message, known as "phishing," and is a common type of malicious email. By pretending to be a trustworthy source, the spammer tries to trick you into revealing sensitive information like email passwords or bank account information.
If you recently replied to an email requesting your Haverford account password, reset your password immediately. Our password changing tool is on our secure web site, https://accounts.haverford.edu/. (How can you tell the site is secure? Notice that the URL begins with HTTPS and that your browser displays an image of a padlock on the URL line or the status bar, indicating the site is verified and encrypted.)
GENERAL TIPS:
A few general guidelines for identifying suspicious messages:
-- Don't trust messages that ask for sensitive information like account numbers and email passwords. Email is not secure. Reputable sources, including the computing center, should never ask you to send sensitive information by email.
-- Don't trust email attachments you aren't expecting. Such attachments may be a virus or other malicious file. ACC will never email an executable file. Instead, if we ask you to take action, we will always refer you to our web site.
-- Be wary of get-rich-quick and quick-fix emails. If it looks too good to be true, it probably is.
-- Use common sense. In addition to the issues mentioned above, there are many other potential email hazards. If you have any doubt about a message, check with the sender or with the computing center.
For more tips, the United States Computer Emergency Response Team published an excellent document, Recognizing and Avoiding Email Scams, on their web site (https://www.us-cert.gov/reading_room/).
FULL TEXT OF ONE KNOWN SCAM
The full text of this bogus email message is below.
Subject: Scheduled Network Maintenance/Service Upgrade
Date: Thu, 14 Aug 2008
From: Haverford Technical Information Department <mdkilloran@eircom.net>
Attention Haverford Account holder
This message is from the Haverford College Information Technology service messaging center, to all Haverford.edu e-mail account holders. On Sat,
Aug 16Th, 2008, from 3:00 PM until 8:00PM, all Mailhub systems will undergo
regularly scheduled maintenance. Access to your mailbox via our mail portal
will be unavailable for some period of time during this maintenance period.
We shall be carrying out service maintenace on our database and e-mail account center for better online services. We are deleting all unused e-mailaccounts to create more space for new accounts.
In order to ensure you do not experience service interruptions, Please youmust reply to this email immediately entering your Haverford Staff/student e-mail/login ID here:(************) and Password here:(***********). To enable us upgrade your account for better online services please reply to this mail.
Information Technology service
Haverford College .
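As an added example (not part of the original bulletin and not ACC's own tooling), the Python check below flags the two indicators visible in the message above: a sender display name that claims the institution while the address is on an unrelated domain, and a body that asks for a password by reply. The function name, the patterns and the trusted-domain set are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: the organisation's mail domain and name, and the phrases that
# indicate a request to send credentials by reply.
TRUSTED_DOMAINS = {"haverford.edu"}
ORG_NAME = "haverford"
CREDENTIAL_RE = re.compile(r"\b(password|login\s+id|user\s*name)\b", re.I)
REPLY_RE = re.compile(r"\breply\s+to\s+this\s+(e-?mail|mail|message)\b", re.I)

# Sample input: headers and an excerpt of the scam message quoted in this bulletin.
SCAM = """\
Subject: Scheduled Network Maintenance/Service Upgrade
From: Haverford Technical Information Department <mdkilloran@eircom.net>

In order to ensure you do not experience service interruptions, Please youmust
reply to this email immediately entering your Haverford Staff/student
e-mail/login ID here:(************) and Password here:(***********).
"""

# Constructed sample: an ordinary notice that asks for nothing by reply.
BENIGN = """\
Subject: Help desk hours
From: Academic Computing <helpdesk@haverford.edu>

The help desk in Stokes 204 is open this week. To change your password,
visit https://accounts.haverford.edu/.
"""

def phishing_indicators(raw):
    """Return a list of indicator names found in one RFC 822 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    body = msg.get_payload()
    found = []
    # Display name claims the organisation, but the address is elsewhere.
    if ORG_NAME in display.lower() and not trusted:
        found.append("display-name-domain-mismatch")
    # Body asks for credentials and tells the reader to send them by reply.
    if CREDENTIAL_RE.search(body) and REPLY_RE.search(body):
        found.append("credentials-requested-by-reply")
    return found

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, phishing_indicators(raw))
```

A message that mentions passwords but points the reader to the web site, as the benign sample does, is not flagged; only the combination of a credential term and a reply instruction is.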
FOR FURTHER ASSISTANCE
Students, faculty and academic staff please contact Academic Computing:
Telephone: 610-896-1480
Email: helpdesk@haverford.edu
Web: http://www.haverford.edu/acc/helpdesk/
Location: Stokes 204
Administrative staff please contact Administrative Computing:
Telephone: 610-896-1355
Email: admincc@haverford.edu
MORE INFORMATION
Additional information about computer security and current threats can be found at the following sites:
- United States Computer Emergency Readiness Team (US-CERT): <https://www.us-cert.gov/nav/nt01/>
- McAfee Avert Threat Center: <https://www.mcafee.com/us/threat_center/default.asp>
- Microsoft Security: <https://www.microsoft.com/security/>
- Apple Product Security: <https://www.apple.com/support/security/>
ACC EMAIL POLICY:
ACC will never request passwords or other confidential information via email. Email is not secure. We will never email an executable file. Instead, if we ask you to take action, we will always refer you to our web site, using an address that starts with the secure "https" protocol -- that way, you know you are downloading a safe file from us.
VERIFY THIS ALERT IS LEGITIMATE:
Before taking an action recommended in an email, please confirm that the email is legitimate. ACC posts a detailed description of all our alerts on our web site, https://www.haverford.edu/acc/bulletins/.