ACC Mail ACC ACC Homepage
About ACCACC NewsFaculty Services IndexStudent Services IndexACC User DocumentationACC Computing PoliciesRecommended Systems and Purchase informationComputer Support Services
 

Security Bulletin of September 24, 2009

Overview
 Full Text of One Known Scam
Tips for Safer Computing
Further Assistance

Other Bulletins
Recent CERT Alerts

COMPUTING ALERT: Beware of Scams, Phishing Attempts, and Other Malicious Emails

OVERVIEW

Malicious email messages are an ongoing concern. Most recently, many Haverford email users received a bogus messages with the subject " Please Confirm.." coming from "Information Technology Services <helpsupport@web.net>.”

If you accidentally responded to this, the Computing Center already reset your email password for you. Should you have trouble accessing your account, please contact the Help Desk. However, should you ever have concerns that others know your password, please change it immediately on our secure web site, https://accounts.haverford.edu/.

GENERAL TIPS:

(These tips are also posted at https://www.haverford.edu/acc/protect/malicious_email.html.)

  • Never send passwords or other sensitive information via email. In a phishing attack, somebody pretending to be a trustworthy source tries to trick you into revealing sensitive information such as email passwords or bank account information.  Email is not secure. It is against Computing Center policy to request your password or other sensitive information via email. In fact, reputable sources should never ask you to send sensitive information by email.

  • Verify email requests. Common phishing attempts come from sources pretending to be IT departments, banks, government agencies and Internet Service providers. If the Haverford Computing Center asks for you to take action, we will reference a page on our secure web site. (How can you tell the site is secure? Notice that the URL begins with HTTPS and that your browser displays an image of a padlock on the URL line or the status bar, indicating the site is verified and encrypted.)

  • If you accidentally reply to an email requesting your Haverford account password, reset your password immediately. Our password changing tool is on our secure web site, https://accounts.haverford.edu/. Note, the Computing Center will reset your password if we learn that you responded to a phishing email. If you have trouble accessing your email account, please call the Help Desk.

  • Don't trust email attachments you aren't expecting. Such attachments may be a virus or other malicious file. 

  • Be alert to unusual computer behavior.  If you notice anything unusual, such as the wrong name appearing in your SquirrelMail account, your computer running unusually slow, or your browser loading the wrong web pages, please contact the Help Desk immediately. These are common symptoms of a compromised computer or email account.

  • Use common sense.  There are many other potential email hazards. Be wary of get-rich-quick and quick-fix emails.  If you have any doubt about a message, check with the sender or with the Computing Center.


For more details, see the excellent document, Recognizing and Avoiding Email Scams, on the United States Computer Emergency Response Team web site (https://www.us-cert.gov/reading_room/).

HELP:
If you have any questions, please contact the Computing Help Desk:
Telephone: 610-896-1480
Email: helpdesk@haverford.edu

FULL TEXT OF RECENT SCAM

The full text this bogus email message is below.

---------- Forwarded message ----------
From: Information Technology Services <helpsupport@web.net> <mijungkim@snu.ac.kr>
Date: 2009/9/23
Subject: Please Confirm..
To: -@l.l


Attn: Webmail account user.
Please be informed that we will be upgrading our system in a couple of days from now and your account needs to be reactivated, to complete your account activation you must reply to us
Immediately and enter your valid account details as requested below.

First Name:
Last Name:
User Name/ID
Pass-word:
Retype Pass-word:
Phone number:

You are required to do this before the next 48 hours of receipt of this email or your account will be erased and de-activated from our database.

You will be sent an account activation code to the account details you provide in next seven (7)
Working days after undergoing this process for security reasons.

Thank you for using Webmail service.


MORE INFORMATION

Additional information about computer security and current threats can be found at the following sites:

United States Computer Emergency Readiness Team (US-CERT )
<https://www.us-cert.gov/nav/nt01/>
McAfee Avert Threat Center
<https://www.mcafee.com/us/threat_center/default.asp>
Microsoft Security
<https://www.microsoft.com/security/>
Apple Product Security
<https://www.apple.com/support/security/>

ACC EMAIL POLICY:

ACC will never request passwords or other confidential information via email. Email is not secure. We will never email an executable file. Instead, if we ask you to take action, we will always refer you to our web site, using an address that starts with the secure "https" protocol -- that way, you know you are downloading a safe file from us.

VERIFY THIS ALERT IS LEGITIMATE:

Before taking an action recommended in an email, please confirm that the email is legitimate. ACC posts a detailed description of all our alerts on our web site, https://www.haverford.edu/acc/bulletins/.

For Questions and Comments, contact Haverford College's Academic Computing Center.
Last updated on September 24, 2009

HC HomeCampus DirectoryHaverford College Library ResourcesHaverford College Web Search EngineAcademic DepartmentsACC Home