If you recently received one or more messages asking for your e-mail username and password, you're not alone. This quarter, the Office of Information Technology (OIT) has seen a sharp increase in reports of 'phishing' scams targeted at university e-mail users.
These scams normally claim that there is some sort of problem with your account and request that you reply immediately with your username and password to avoid having your account disabled.
If you comply, the most common danger is that the sender will log into your account remotely and begin sending spam from it.
The bigger danger is that once someone has your information, he or she can use it elsewhere -- especially if you use the same login and password for other applications, such as a PayPal account.
Do not reply to such messages. Instead, forward them to firstname.lastname@example.org.
As a precautionary measure, OIT blocks replies to known scams. With each new variation, however, a few replies get through before the blocks can be updated. In those cases, OIT attempts to contact the account holder(s). If contact information is not readily available, OIT disables the account.
To avoid the inconvenience of a disabled account, OIT system administrator Don Hone stresses that individuals should not reply in any way to scam messages.
"We only can tell that you replied, not what you said," says Hone. "So we disable the account to be absolutely safe."
Scams like these are nothing new, notes OIT Director of Information Security Matthew Dalton, but the messages are becoming more prolific, better written and more accurately targeted. The best way to avoid being fooled, Dalton says, is to ignore any message that asks you to reply with personal information.
"OIT will never ask you to e-mail us your password," Dalton said.
-- Sean O'Malley