Spam Alert: Fraudulent Phishing Email From "Helpdesk Team" is an Attempt to Steal Usernames and Passwords
Monday, July 6, 2009
Members of the University of Pittsburgh community have reported receiving email messages claiming to be from the "Helpdesk Team" trying to persuade users to reply giving their usernames and passwords. The message claims that the "webmail account has been compromised by spammers" and that users are to "send us your account information immediately to enable us to reset your account." Neither the University of Pittsburgh nor any legitimate outside vendor will ever ask you to divulge your password by email or over the phone. Passwords and other sensitive information should never be sent in an email.
This type of fraudulent message is known as a phishing scan. The following is a sample of the email message:
****************************************
----- Original Message -----
From: System Administrator
Sent: Mon Jul 06 07:49:29 2009
Subject: Mailbox Update
Attn: Faculty/Staff/Students,
This message is from our Helpdesk Team to all webmail
account owners.
We noticed that webmail account has been compromised by
spammers. It seems they have gained access to webmail
accounts and have been using it for illegal internet activities.
The center is currently performing maintenance and upgrading
it's data base. We intend upgrading our Email Security Server
for better online services.
You are to send us your account information immediately to
enable us reset your account. A new password will be sent to
you once this is done.
Send the information as follows
*Username:
*Password:
*Alternate email:
In order to ensure you do not experience service interruptions,
please reply this email immediately and provide the following
information above to prevent your account from being
deactivated from our database.
Thank you for using our online services.
Helpdesk Team
****************************************
The University's Spam and Virus Filtering Service vendor has notified the University that a series of high-volume spam attacks have occurred on the Internet over the past several weeks. Although they are updating their spam filters, spammers change tactics and some of these messages do get through. CSSD advises users who receive these or other suspicious messages to delete them without replying or clicking on any links the messages may contain. Please contact the Technology Help Desk at 412-624-HELP [4357] for additional information or assistance, if needed.