Spam Alert: Fraudulent Phishing Emails Titled “Mailbox Shutdown Notification” or “UPDATE YOUR EMAIL ACCOUNT” Are an Attempt to Steal Usernames, Passwords and Other Personal Data.
Thursday, June 18, 2009
CSSD has received reports that spammers are sending messages to University email addresses with titles like "Mailbox Shutdown Notification" or "UPDATE YOUR EMAIL ACCOUNT" that try to persuade users to reveal their username and password and other personal information. The messages claim you are required to send your username and password in order to retain your email or Webmail account. Neither the University of Pittsburgh nor any legitimate outside email vendor will ever ask you to divulge your password by email or over the phone. Passwords and other sensitive information should never be sent in an email.
The following are samples of the fraudulent emails:
* * * * * * * * * * SAMPLE 1 * * * * * * * * * *
From: Webmaster <xxxxx@xxxxx.edu>
Subject: Mailbox Shutdown Notification
Date: Thu, 18 Jun 2009 09:15:23 -0400 (EDT)
You are expected to verify your email account to avoid mailbox shutdown by furnishing us with the following detials :
Login Username:
Login password: **************
To avoid shutting down of your mailbox which could lead to loss of your important files on our server,you must send these details on receipt of
this message.
Thank you very much.
Webmaster
* * * * * * * * * * SAMPLE 2 * * * * * * * * * *
From: University of Pittsburgh [mailto:xxxxxx@xxxxxx.edu]
Sent: Wednesday, June 17, 2009 7:53 PM
To: xxxxxx@pitt.edu
Subject: UPDATE YOUR EMAIL ACCOUNT
Dear University of Pittsburgh email Owner, This message is from University of Pittsburgh Communications Messaging center to all University of Pittsburgh webmail owners.We are currently upgrading our data base and e-mail center to allow more space in your inbox.We are deleting all unused webmail to create more space for new one.To prevent your account from closing you will have to update it below so that we will know that it's a present used account.
CONFIRM YOUR ACCOUNT BELOW
Email Address.....
Username.....
Password...............
Date of Birth : .................
Country or Territory : ..........
Warning!!!
University of Pittsburgh email owner that refuses to update his or her webmail,within Seven days of receiving this warning will lose his or her webmail permanently.
Thanks,
University of Pittsburgh Information Technology.
* * * * * * * * * * END SAMPLES * * * * * * * * * *
CSSD recommends that recipients of this and similar emails ignore them and delete them. CSSD further recommends that you do not reply to unsolicited emails or emails from unverifiable sources. You should also avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software.
Although this particular email does not contain harmful software, CSSD recommends that all users install Symantec AntiVirus software and use the LiveUpdate feature to get the latest virus definitions. Symantec AntiVirus is available at no cost to students, faculty, staff, and departments from CSSD Software Licensing Services, 105 Bellefield Hall, and can also be downloaded from software.pitt.edu.
Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.