Security Bulletin of January 30, 2009
Overview
Full Text of One Known Scam
Tips for Safer Computing
Further Assistance
Other Bulletins
Recent CERT Alerts
|
COMPUTING ALERT: Beware of Scams, Phishing Attempts, and Other Malicious Emails
OVERVIEW
Malicious email messages are an ongoing concern. Although most malicious emails sent to Haverford accounts are quarantined at the Message Center, a number of such messages do get through. The Help Desk regularly addresses problems caused by malicious emails.
GENERAL TIPS:
The following tips will help you avoid problems resulting from malicious emails.
-
Be wary of so-called “phishing” attempts that ask you to send sensitive information like passwords. In a phishing attack, somebody pretending to be a trustworthy source tries to trick you into revealing sensitive information such as email passwords or bank account information. Email is not secure; never use it to transmit sensitive information. It is against Computing Center policy to request your password or other sensitive information via email. In fact, reputable sources should never ask you to send sensitive information by email.
-
Verify email requests. Common phishing attempts come from sources pretending to be IT departments, banks, government agencies and Internet Service providers. If the Haverford Computing Center asks for you to take action, we will reference a page on our secure web site. (How can you tell the site is secure? Notice that the URL begins with HTTPS and that your browser displays an image of a padlock on the URL line or the status bar, indicating the site is verified and encrypted.)
- If you accidentally reply to an email requesting your Haverford account password, reset your password immediately. Our password changing tool is on our secure web site, https://accounts.haverford.edu/.
- Don't trust email attachments you aren't expecting. Such attachments may be a virus or other malicious file.
- Be alert to unusual computer behavior. If you notice anything unusual, such as the wrong name appearing in your SquirrelMail account, your computer running unusually slow, or your browser loading the wrong web pages, please contact the Help Desk immediately. These are common symptoms of a compromised computer or email account.
- Use common sense. There are many other potential email hazards. Be wary of get-rich-quick and quick-fix emails. If you have any doubt about a message, check with the sender or with the Computing Center.
For more details, see the excellent document, Recognizing and Avoiding Email Scams, on the United States Computer Emergency Response Team web site (https://www.us-cert.gov/reading_room/).
FULL TEXT OF ONE KNOWN SCAM
The full text this bogus email message is below.
From: IT ADMIN DESK <admininfosdept@gmail.com>
Date: Fri, Jan 2, 2009 at 12:16 PM
Subject: Web-E-News / http://www.haverford.edu Email Account Update!!
HARVERFORD
Dear haverford.edu Email Account Owner,
This message is from haverford.edu messaging center to all EDU email account owners.
On 3rd and 7th January, 2009, from 11:45 PM until 7:20 AM,
all Mail hub systems in the Portal will under go regularly scheduled maintenance
in EDU. Access to your e-mail via the Web mail client may be unavailable for some
time during this maintenance window to all haverford.edu email account owners.We are
currently upgrading our data base and e-mail account center.
We are deleting all haverford.edu email account to create more space for new accounts.
To prevent your account from closing you will have to update it below so
that we will know that it's a present used account.
To complete your EDU Web mail account, you must reply to this email immediately and
enter your ACCOUNT USERNAME here (_________)
CORRECT PASSWORD here (________) immediately for upgrading,
Once we have updated your account, current records will be sent to your Online
Account and your service will not be interrupted and will continue working as normal.
Email here in words:(********)
Email password here in words:(******)
Date of Birth:(*******)
You can also confirm your email address by logging into your
www.haverford.edu Webmail account at
http://webmail.haverford.edu
If you need help to take advantage of this new service please
contact the appropriate support staff.
Failure to do this will immediately render your email address
deactivated from our database after 7 days.
Warning!!! Account owner that refuses to update his or her account within
Seven days of receiving this warning will lose his or her
account permanently.
Thank you for using www.haverford.edu Webmail Gateway
Warning Code:VX2G99AAJ
Thanks,
www.haverford.edu Webmail Team
************************************************************************
************************************************************************
|
FOR FURTHER
ASSISTANCE
Students, faculty and
staff please contact the Computing Center Help Desk:
Telephone: 610-896-1480
Email: helpdesk@haverford.edu
Web: http://www.haverford.edu/acc/helpdesk/
Location: Stokes 204
MORE INFORMATION
Additional information about computer
security and current threats can be found at the following sites:
- United States Computer Emergency Readiness Team (US-CERT )
- <https://www.us-cert.gov/nav/nt01/>
- McAfee Avert Threat Center
- <https://www.mcafee.com/us/threat_center/default.asp>
- Microsoft Security
- <https://www.microsoft.com/security/>
- Apple Product Security
- <https://www.apple.com/support/security/>
ACC EMAIL POLICY:
ACC will never request passwords or other confidential information via email. Email is not secure. We will never email an executable file. Instead, if we ask you to take action, we will always refer you to our web site, using an address that starts with the secure "https" protocol -- that way, you know you are downloading a safe file from us.
VERIFY THIS ALERT IS LEGITIMATE:
Before taking an action recommended in an email, please confirm that the email is legitimate. ACC posts a detailed description of all our alerts on our web site, https://www.haverford.edu/acc/bulletins/. |
